Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

exam Nat question

hi all,

An organization has one router that is its border with the outside

world. The gateway router is connected to three internal routers.

Only the internal routers have feeds to hosts.

NAT needs to be implemented and all the hosts need to be put into

a private address space.

The question is whether one should implement NAT on the gateway

router, or implement NAT once on each interior router.

What is the "correct" answer?


New Member

Re: exam Nat question

Hi Mahesh18,

My opinion is to perform NAT on your 3 internal routers and configure a routing protocol between your internal and border routers.

In this way, border router will free up itself from processes related to network address translation.

Please rate if it helps.




Re: exam Nat question

NAT should be done on the internal routers itself as thats the initial point of contact for the hosts carryin private ip to move out into the clouds.These internal routers can den use either some Dynamic routing protocol to exchange routes between itself & border router or better can make use of simple default route to border one.

This will relieve border router of unwarranted checks and nat tables.NAT table works better if its near to the emanating traffic for outgoing ones.

Rate if this helps!!!

New Member

Re: exam Nat question

Hi thanks

for greathelp

Re: exam Nat question

You would do NAT overload (PAT) at the network edge (on the gateway router). All internal interfaces including the outside interfaces of the three internal routers would have private addresses.

All NAT/PAT configuration would be consolidated on the single device. This is also where you would establish static NAT translations for public access to inside servers (if any).

You would likely choose to use a dynamic routing protocol between the gateway router and the three internal routers to facilitate communication between the three innermost LANs.

New Member

Re: exam Nat question

hi Michael thanks for reply.

So NAT overloading is used as we have more Private IP addresses as compare to Public IP


Re: exam Nat question

Think in terms of one-to-one, many-to-one, dynamic, and static translations.

PAT is a many-to-one translation. It is often used when you only have one "inside global address" (i.e.: one global IP representing multiple inside hosts).

However, when more than one global IP is available, PAT can co-exist with other translations as well.

NAT can be used to do a static one-to-one translation where one specific private IP is mapped to one specific global IP.

NAT can be used to do dynamic one-to-one translations where a private IP is mapped "temporarily" to a global IP from a pool, and then relinquished when no longer needed, to be used by another host.

You could do static one-to-one for some of your hosts, and dynamic one-to-one for the remaining hosts (using a pool), or alternatively, many-to-one using PAT.

New Member

Re: exam Nat question

Thanks for help again

Re: exam Nat question

Your welcome.