Static NAT (Network Address Translation) is the first IP address translation method you'll discover.
In your internal network, network devices use private IP addresses defined by RFC 1918.
These addresses are only valid locally and cannot be routed over the Internet.
Figure 1 – Static NAT lets a private IP communicate with the internet using a fixed public IP
When a private host try to communicate with the outside world, it needs a public IP address to communicate with devices outside your internal network.
Answer the question below
What does a private host need to reach the Internet?
Static NAT is used when you want to establish a 1-to-1 correspondence between a private IP address and a public IP address.
Let's take an example:
A server in your local network has the address 192.168.1.5.
It wishes to contact the Google DNS server: 8.8.8.8.When the packet reaches the router, it is blocked.
Figure 2 – Without NAT, the private IP 192.168.1.5 is blocked
Why is this? Because the source address is private, and therefore not routable on the Internet.
The router needs to apply address translation (NAT) to enable communication.To solve this, we implement a Static NAT rule:
The private address 192.168.1.5 is associated with a public address 37.5.55.103.
Figure 3 – Static NAT creates a 1-to-1 mapping between a private IP and a public IP
As shown in this diagram, the router configures a static NAT table with :
Inside Local : 192.168.1.5 (the internal private IP address)
Inside Global : 37.5.55.103(the public IP address used on the Internet)
Let's move on and see what happens in practice during a transmission!
Answer the question below
What kind of IP address cannot go directly to the Internet?
Let's assume that Static NAT is already configured.
When the packet is sent from server 192.168.1.5 to DNS server 8.8.8.8, the following happens:
Figure 4 – The router uses a static NAT table to link 192.168.1.5 with 37.5.55.103
The router identifies the source address as 192.168.1.5 (private address).
It applies the configured Static NAT rule.
It replaces this address with the public address 37.5.55.103.
The packet is then transmitted over the Internet.
Answer the question below
What is the source server IP address outside?
How the Public IP Reaches Your Router
Wait — when 8.8.8.8 sends its reply back to 37.5.55.103, how does that packet even find your router?
NAT only rewrites packet headers, it does not advertise routes: the Inside Global address must be a real public IP already routed toward your router by your ISP.In a real-world setup, the ISP gives you both the transit link to their router and a separate public IP block that they statically route toward your WAN interface.
Answer the question below
What public IP does the router use to replace 192.168.1.5?
Now let's take a step-by-step look at how to configure Static NAT.
40 % Complete: you’re making great progress
Unlock the rest of this lesson
If you’d like to continue your CCNA journey, simply create your free account.
Access all CCNA lessons
Practice with hands-on labs
Train with Practice exams and Quizzes
Progress tracking in your dashboard
Made by network engineers - CCNP certified
3023 learners globally