Static NAT is a type of NAT in which a specific IP address on a private network is mapped to a corresponding public IP address. These one-to-one mappings between the private and public IP addresses are configured manually and stay inside the NAT table until they are manually removed because there is no timeout period.
In addition, besides configuring static mappings for IP addresses, it is also possible with static NAT to translate TCP and UDP ports. This process is called port forwarding and allows the original ports, which identify the services and applications, to be translated into different ports. An example would be a web server using TCP port 80 locally inside the network to be accessed from the internet on TCP port 8080.
Best Use Case for Static NAT
Static NAT is typically used when an organization has a publicly accessible server on its private network, such as a web server or mail server, and needs to make it available to the public internet, as in the image above. By using static NAT, the private IP address of the server is translated to a public IP address, allowing external users to access the server.
However, keep in mind that static NAT can limit the number of available public IP addresses since each private IP address requires a unique public IP address mapping. That’s why it is not the best translation choice for endpoints (users), but only for servers.
Static NAT Configuration Example
Let’s use the same topology example from the image above as a use case to configure static NAT. First, you need to create the static mapping for the IP address of the web server and then enable NAT on both FastEthernet interfaces, 0/1 and 0/2, where NAT should be used.
To define a static NAT mapping, configure the ip nat inside source static private-IP public-IP command in global configuration mode. To enable NAT on an interface and define the direction of translation, you must enter the ip nat inside|outside command on both the inside and outside interfaces. The commands required for the example are as follows:
To verify the static NAT configuration, you can use the show ip nat translation command, which would provide the following output:
