Let’s illustrate how to configure PAT. At this point, if you are unfamiliar with NAT then please read this post here first.
We will use the following topology to make our point…
The topology above consists of a number of hosts (Host A, Host B, and Host C). The Service Provider has allocated a single usable public IP address to our company (108.57.60.253). Our goal here is to run PAT on RT01RL.
Similar to configuring basic NAT, we need to identify the direction of the NAT rule, which tells us where to set our inside and outside boundaries.
Let’s look at the interfaces of the router first…
Our goal is to PAT internal hosts to the outside interface in our topology, so Eth1/0 should be the inside interface and Eth1/1 should be the outside interface. The direction of the PAT is from the Inside to the Outside.
Our next step now is to configure access-list(s) to match on our internal hosts. Let’s do that…
Our last step is now to configure PAT. Let me show you how to do it…
All right! Here we are telling the router to translate the source address of traffic from the network segment defined in access-list 100 and to use the outside interface of the router. The keyword “Overload” is the most important aspect of this configuration: it enables PAT, so 108.57.60.253 is used for all translation sessions, each with a different port number.
Let’s see that in action…
-From Host A, we will generate HTTPS traffic
-From Host B, we will generate SSH traffic
-From Host C, we will generate a DNS request
Let’s enable the HTTP server on Web_Server…
Good! Let’s hop on our hosts, configure the IP SLA traffic generator, and then check our NAT table.
-Host A will be configured with the following commands:
ip sla monitor 1
type tcpConnect dest-ipaddr 204.57.110.99 dest-port 443 control disable
timeout 1000
frequency 3
ip sla monitor schedule 1 life forever start-time now
-Host B will be configured with the following commands:
ip sla monitor 1
type tcpConnect dest-ipaddr 204.57.110.99 dest-port 22 control disable
timeout 1000
frequency 3
ip sla monitor schedule 1 life forever start-time now
-Host C will be configured with the following commands:
ip sla monitor 1
type dns target-addr www.routeleak.com name-server 204.57.110.99
timeout 0
frequency 9
ip sla monitor schedule 1 start-time now life forever
Let’s now check the router NAT table…
Notice how the translated address is identical for all session types but unique port numbers differentiate the active sessions. This is basically how PAT works.
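The port-based session tracking described above, as an added example that is not part of the original post: a simplified Python model of a PAT table, not Cisco IOS code. The inside addresses (192.168.1.x), the source port 50000 and the pool starting at 1024 are assumed values; the model also covers the case where two inside hosts pick the same source port, and shows that an inbound packet with no matching session has nothing to be translated to.

```python
# Simplified model of PAT (NAT overload); not Cisco IOS code.
PUBLIC_IP = "108.57.60.253"   # outside address from the article


class PatTable:
    def __init__(self, public_ip, first_port=1024, last_port=65535):
        self.public_ip = public_ip
        self.first_port, self.last_port = first_port, last_port
        self.out = {}   # (proto, inside_ip, inside_port) -> outside_port
        self.back = {}  # (proto, outside_port) -> (inside_ip, inside_port)

    def translate_out(self, proto, inside_ip, inside_port):
        """Inside -> outside: return the (public_ip, port) the flow is sourced from."""
        key = (proto, inside_ip, inside_port)
        if key not in self.out:
            port = inside_port  # keep the original source port when it is free
            in_pool = self.first_port <= port <= self.last_port
            if (proto, port) in self.back or not in_pool:
                # Collision: another session already owns this port, pick a free one.
                port = next((p for p in range(self.first_port, self.last_port + 1)
                             if (proto, p) not in self.back), None)
                if port is None:
                    raise RuntimeError("port pool exhausted for " + proto)
            self.out[key] = port
            self.back[(proto, port)] = (inside_ip, inside_port)
        return self.public_ip, self.out[key]

    def translate_in(self, proto, outside_port):
        """Outside -> inside: return the inside socket, or None if no session exists."""
        return self.back.get((proto, outside_port))


def demo():
    pat = PatTable(PUBLIC_IP)
    # Constructed flows: inside addresses and source ports are assumed values.
    flows = [
        ("tcp", "192.168.1.10", 50000),  # Host A -> 204.57.110.99:443
        ("tcp", "192.168.1.20", 50000),  # Host B -> 204.57.110.99:22, same source port
        ("udp", "192.168.1.30", 50000),  # Host C -> 204.57.110.99:53
    ]
    return pat, [pat.translate_out(*flow) for flow in flows]


if __name__ == "__main__":
    table, translated = demo()
    for inside_global in translated:
        print(inside_global)
```

Host B's session is moved to a different outside port because Host A already holds TCP 50000, while Host C keeps 50000 because UDP ports are tracked separately from TCP ports.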
This is all I wanted to bring to your attention. Please let me know if you have questions.