How to configure a Cisco router for access to the Internet using dynamic and static PAT.
It will show how to setup dynamic PAT translating all the LAN IPs to the WAN IP address of the router and also how to setup static port translation for an internet web server.
LAN subnet = 192.168.3.0/24
WAN subnet = 18.104.22.168/30
(192.168.3.1 – int fa0/0) R1 (int fa0/1 – 22.214.171.124) -> (126.96.36.199) ISP
ip nat inside
ip nat outside
access-list 101 permit ip 192.168.3.0 0.0.0.255 any
ip nat inside source list 101 interface fa0/1 overload
Note you can use a standard acl instead but whichever you use you should not use “any” as the source IP addresses as this can cause problems with NAT.
Dynamic NAT connections have to be initiated from inside to outside (using the above example) so if you wanted to host a webserver for example on your LAN you would need a static NAT entry to allow connections from the outside. Note in a secure environment you would host any servers accessible from the Internet on a DMZ.
Carrying on from previous example –
Web server = 192.168.3.5
ip nat inside source static tcp 192.168.3.5 80 interface fa0/1 80
The routing for a setup like this is very simple. You just need a default route pointing to the next hop IP of your ISP. Because you are translating all your internal 192.168.3.x IPs to the WAN interface your ISP does not need to have any routes for your internet subnets.
ip route 0.0.0.0 0.0.0.0 188.8.131.52.6