In this article we will configure semi-basic NAT with a Cisco router. This post will be useful for CCNA studies. First we’ll create an ACL specifying which addresses we want to be NATed, then we apply our NAT statement to the router (enabling NAT), then we tell the interfaces whether they are inside or outside. I will also throw in a little “port forwarding” as a bonus.

Here’s our NAT ACL:

ip access-list extended NAT
 permit ip any

This ACL is permitting ANY 192.168.x.x address to be NATed. I’m doing it this way because I have a lot of subnets at home and it’s easier than a line for each. Most people would probably use something like this:

ip access-list extended NAT
 permit ip 192.168.10 any

Next we turn NAT on, we do it with this NAT statement:

ip nat inside source list NAT interface FastEthernet 0/0 overload

This command enables NAT, the “source list” section points to the ACL we made earlier, which allows certain hosts to be NATed. The “interface” portion allows this to work with DHCP, prevents you from needing a static IP or updating NAT statements when your IP changes. The “overload” command is very important, it enables PAT (Port Address Translation), which allows us to run many hosts using inside only one IP address outside.

Next we will need to tell the router which interfaces are inside and outside:

interface FastEthernet 0/0
 ip nat outside
interface FastEthernet 0/1
 ip nat inside
interface Vlan 10
 ip nat inside
interface Vlan 15
 ip nat inside

We’re telling the router that Fa0/0 is the outside with VLAN 10 and VLAN 15 being the inside (addresses to NAT).

Next we will do some “port forwarding”:

ip nat inside source static tcp 44 interface FastEthernet 0/0 44

This command might look intimidating, but basically it is just saying “if traffic hits Fa0/0 on port 44 send it to on port 44″.
Once it’s all configured you can initiate some traffic from inside and verify everything with a show command “show ip nat translations”.

That’s about it. NAT is pretty simple to configure, but there are a few steps and the commands can be pretty long.


Colby Glass has been in IT since 2002. He is currently a Systems Engineer (presales) with a Cisco Gold partner and holds the CCNP R/S, CCNP DC, CCDP, CCIP, JNCIA-ER.

More Posts