Static NAT (Network Address Translation) - Complete Guide

1. What is Static NAT?

Definition: Static NAT is a one-to-one permanent mapping between a private IP (internal) and a public IP (external). Unlike Dynamic NAT or PAT, it does not change dynamically or share IPs.

Purpose & Use Cases:

Hosting Public Servers: e.g., 192.168.1.10 → 203.0.113.5
Remote Access: e.g., DVR at 10.0.0.100 accessed via public IP
Legacy Systems: Requiring consistent public IPs

2. How Static NAT Works (1:1 Mapping)

Key Terms:

Term	Meaning	Example
Inside Local	Private/internal IP	192.168.1.10
Inside Global	Public-facing IP	203.0.113.5
Outside Global	Public IP of external device	8.8.8.8

Traffic Flow:

User accesses 203.0.113.5
Router translates it to 192.168.1.10
Server replies → router translates back to 203.0.113.5

3. Static NAT Configuration (Cisco IOS)

Step 1: Identify Inside & Outside Interfaces

Router(config)# interface GigabitEthernet0/0
Router(config-if)# ip nat inside
Router(config-if)# exit

Router(config)# interface GigabitEthernet0/1
Router(config-if)# ip nat outside
Router(config-if)# exit

Step 2: Static Mapping

Router(config)# ip nat inside source static 192.168.1.10 203.0.113.5

Step 3: Verify NAT

Router# show ip nat translations

Sample Output:

Pro Inside global     Inside local       Outside local      Outside global
--- 203.0.113.5       192.168.1.10       ---                ---

4. Testing Static NAT

From Outside: ping 203.0.113.5 or http://203.0.113.5
From Inside: Access 192.168.1.10

5. Limitations of Static NAT

⚠ Requires one public IP per device
⚠ No port sharing like PAT
⚠ Not scalable for large networks

6. Security Considerations

✅ Only explicitly mapped devices are accessible
❌ Entire IP is exposed (no port-level control)
🔒 Use Access Control Lists (ACLs) to filter access

7. Static NAT vs. Dynamic NAT vs. PAT

Feature	Static NAT	Dynamic NAT	PAT (Overload)
Mapping	1:1 (Permanent)	Pool-based (Temporary)	Many:1 (Port-based)
IP Usage	One public IP per device	From a pool	Single IP
Use Case	Servers, CCTV	Internal devices going out	Internet sharing

8. Troubleshooting Static NAT

Common Issues:

❌ No translation → Check interfaces, NAT config
❌ Port not accessible → Verify service is running
❌ Wrong public IP → Ensure ISP routes it to you

Debug Commands:

Router# debug ip nat
Router# show ip nat statistics

9. Static NAT in IPv6

Usually not required in IPv6 due to abundant addresses. NAT64 is used for IPv6 to IPv4 translation where needed.

10. Practical Example

Scenario: Internal web server at 192.168.1.100 → Public IP 203.0.113.10

ip nat inside source static 192.168.1.100 203.0.113.10

Users browsing http://203.0.113.10 will reach the internal server.

11. Summary

Static NAT = Permanent 1:1 mapping
Used for servers that need consistent public access
Requires interface tagging and static mapping command
Combine with ACLs for enhanced security

1. What is Static NAT?

A. Dynamic mapping between private and public IPs B. Many-to-one mapping of private IPs to a single public IP C. A pool-based, temporary IP mapping D. A permanent one-to-one mapping between private and public IPs

Correct answer is D. Static NAT creates a permanent 1:1 mapping between internal and external IP addresses.

2. What is the purpose of Static NAT?

A. Hosting public servers with fixed public IPs B. Sharing a single public IP among many devices C. Temporary IP assignment for clients D. Encrypting IP addresses for security

Correct answer is A. Static NAT is mainly used to provide fixed public IPs for servers accessible externally.

3. In Static NAT terminology, what is "Inside Local"?

A. The public IP address of the server B. The private/internal IP address of the device C. The external IP of an outside host D. The IP address of the NAT router interface

Correct answer is B. Inside Local refers to the internal (private) IP of the device behind NAT.

4. Which Cisco IOS command maps a private IP to a public IP permanently?

A. ip nat pool B. ip nat dynamic source C. ip nat inside source static [private IP] [public IP] D. ip nat overload

Correct answer is C. This command creates a static 1:1 NAT mapping.

5. What interface configuration identifies the LAN-facing interface in Static NAT?

A. ip nat outside B. ip nat inside C. ip nat source D. ip nat static

Correct answer is B. The LAN (internal) interface is configured as ip nat inside.

6. What is a key limitation of Static NAT?

A. It allows multiple devices to share one public IP B. It dynamically assigns IP addresses C. It provides encrypted IP translation D. Each internal device requires a unique public IP

Correct answer is D. Static NAT needs a one-to-one unique public IP for each internal device.

7. Which command verifies NAT translations on a Cisco router?

A. show ip nat translations B. show interfaces C. show ip route D. show arp

Correct answer is A. This command displays current NAT translation mappings.

8. Which of the following is NOT a security consideration for Static NAT?

A. Use ACLs to restrict access B. Limit exposed services C. Supports port translation for security D. Monitor external traffic

Correct answer is C. Static NAT does NOT support port translation (PAT); the whole IP is mapped.

9. What is the main difference between Static NAT and PAT?

A. Static NAT shares a single public IP for many devices B. PAT allows many internal devices to share one public IP using port numbers C. Static NAT dynamically assigns IPs D. PAT requires unique public IP per device

Correct answer is B. PAT (Port Address Translation) lets many devices share one public IP via ports.

10. Why is Static NAT less scalable than Dynamic NAT or PAT?

A. Because it requires one unique public IP per internal device B. Because it assigns IPs dynamically C. Because it encrypts IP addresses D. Because it uses port overloading

Correct answer is A. Static NAT needs a unique public IP per device, limiting scalability.

← Back to Home