How to Configure NAT (PAT) on a Cisco Router
To configure PAT (NAT overload): mark the inside and outside interfaces, define which addresses to translate with an ACL, then enable overload. This lets a whole LAN share one public IP.
PAT is the config every internet-facing router runs — many private devices behind one public address. Practise in the NAT/PAT lab.
Step 1: Mark inside and outside interfaces
interface gi0/0 → ip nat insideinterface gi0/1 → ip nat outside | Tells NAT which side is the private LAN vs the public link |
Step 2: Define which addresses to translate
access-list 1 permit 192.168.1.0 0.0.0.255 | An ACL matching the inside network to be translated |
Step 3: Enable PAT (overload)
ip nat inside source list 1 interface gi0/1 overload | Translates matched addresses to the outside interface IP, using ports |
Verification
Ping the internet from an inside PC, then run show ip nat translations — you'll see private addresses mapped to the public interface with different port numbers. That port column is PAT distinguishing the sessions.
Frequently asked questions
How do I configure PAT on a Cisco router?
Mark interfaces as ip nat inside/outside, create an ACL matching the inside network, then ip nat inside source list [acl] interface [outside] overload.
What does the overload keyword do?
It enables PAT — many inside hosts share one outside address, distinguished by unique source port numbers.
Why is an ACL needed for NAT?
The ACL defines which source addresses are eligible for translation — it's a matching tool identifying the inside network here.
How do I verify NAT is working?
show ip nat translations shows the active mappings; if empty while internet fails, check the inside/outside interface markings and the ACL.
Related articles
Want hands-on training?
Learn this on real Cisco lab devices with placement support at Attila Technologies, Ahmedabad.