Static NAT (Network Address Translation) is the first IP address translation method you'll discover.
In your internal network, network devices use private IP addresses defined by RFC 1918.
These addresses are only valid locally and cannot be routed over the Internet.
Figure 1 – Static NAT lets a private IP communicate with the internet using a fixed public IP
When a private host try to communicate with the outside world, it needs a public IP address to communicate with devices outside your internal network.
Answer the question below
What does a private host need to reach the Internet?
Static NAT is used when you want to establish a 1-to-1 correspondence between a private IP address and a public IP address.
Let's take an example:
A server in your local network has the address 192.168.1.5.
It wishes to contact the Google DNS server: 8.8.8.8.When the packet reaches the router, it is blocked.
Figure 2 – Without NAT, the private IP 192.168.1.5 is blocked
Why is this? Because the source address is private, and therefore not routable on the Internet.
The router needs to apply address translation (NAT) to enable communication.To solve this, we implement a Static NAT rule:
The private address 192.168.1.5 is associated with a public address 37.5.55.103.
Figure 3 – Static NAT creates a 1-to-1 mapping between a private IP and a public IP
As shown in this diagram, the router configures a static NAT table with :
Inside Local : 192.168.1.5 (the internal private IP address)
Inside Global : 37.5.55.103(the public IP address used on the Internet)
Let's move on and see what happens in practice during a transmission!
Answer the question below
What kind of IP address cannot go directly to the Internet?
Let's assume that Static NAT is already configured.
When the packet is sent from server 192.168.1.5 to DNS server 8.8.8.8, the following happens:
Figure 4 – The router uses a static NAT table to link 192.168.1.5 with 37.5.55.103
The router identifies the source address as 192.168.1.5 (private address).
It applies the configured Static NAT rule.
It replaces this address with the public address 37.5.55.103.
The packet is then transmitted over the Internet.
When the DNS server responds, the router performs the reverse operation:
it replaces the destination address 37.5.55.103 with 192.168.1.5, and the packet correctly returns to the original sender.Answer the question below
What public IP does the router use to replace 192.168.1.5?
Now let's take a step-by-step look at how to configure Static NAT.
Defining Inside and Outside interfaces
First step: you need to tell the router which interfaces correspond to the internal (private) network and which to the external (Internet) network.
40 % Complete: you’re making great progress
Unlock the rest of this lesson
If you’d like to continue your CCNA journey, simply create your free account.
Access all CCNA lessons
Practice with hands-on labs
Train with Practice exams and Quizzes
Progress tracking in your dashboard
Made by network engineers - CCNP certified
learners globally
Static NAT
Static NAT is widely used in real networks because it creates a fixed one-to-one mapping between private and public IPs. In this lesson, you will clearly understand how to configure it and when this method is practical or limited.