NAT (Network Address Translation) rewrites IP addresses at the edge of your network.
You already built every variant in the NAT module of the CCNA path.
Let's put everything back in place in one lesson.Private Addresses Stop at the Edge
Your internal hosts use private addresses defined by RFC 1918: 10.0.0.0/8, 172.16.0.0/12, and 192.168.0.0/16.
These ranges are not routable on the public Internet.Watch what happens when 192.168.1.5 sends a packet to 8.8.8.8 without translation.
Figure 1 – Without NAT, the packet from 192.168.1.5 is blocked
The packet is dropped at the edge.
No provider forwards traffic sourced from a private address.
Your host needs a public address before it can leave.Answer the question below
What happens to a packet sourced from a private address at the edge?
Translation at the Edge
Your router provides that public address.
The translation mechanism is defined in RFC 3022.
Figure 2 – R1 replaces the private source IP with its public IP
R1 swaps the source 192.168.1.5 for its public address 37.5.55.103.
It records the mapping in its NAT table.
When the reply comes back, the table tells R1 which internal host gets the packet.
Static, Dynamic and PAT are all variations of this mechanism.Answer the question below
Where does the router record each active translation?
A translation can be fixed, borrowed from a pool, or shared through port numbers.
You know all three from CCNA.Static NAT: One-to-One
Static NAT binds one private address to one public address, permanently.
Figure 3 – Static NAT maps 192.168.1.5 to 37.5.55.103 one-to-one
The mapping never expires and works in both directions.
That makes it the right choice for a server that must stay reachable from the outside.
The cost: one public address reserved per host, even when it sends nothing.Dynamic NAT: A Borrowed Pool
Dynamic NAT keeps the one-to-one logic but makes it temporary.
Figure 4 – Dynamic NAT lends a public IP from a shared pool
When a host sends traffic, your router lends it a free address from a public pool.
When the session ends, the address returns to the pool.But the pool is finite.
Figure 5 – Pool exhausted: the fourth host is denied
Three addresses in the pool, four hosts sending traffic: the fourth connection is denied.
Each active host still consumes one full public address.
Dynamic NAT moved the problem without solving it.Answer the question below
What happens to a new connection when the dynamic pool is empty?
PAT: Ports Make the Difference
PAT (Port Address Translation), also called NAT Overload, breaks the one-to-one constraint.
40 % Complete: you’re making great progress
Ready to pass your CCNP exam?