Static NAT

With static NAT, routers or firewalls translate one private IP address to a single public IP address. Each private IP address is mapped to a single public IP address. Static NAT is not often used because it requires one public IP address for each private IP address.

To configure static NAT, three steps are required:

1. configure private/public IP address mapping by using the ip nat inside source static PRIVATE_IP PUBLIC_IP command
2. configure the router’s inside interface using the ip nat inside command
3. configure the router’s outside interface using the ip nat outside command

Here is an example.

static nat example

Computer A requests a web resource from S1. Computer A uses its private IP address when sending the request to router R1. Router R1 receives the request, changes the private IP address to the public one, and sends the request to S1. S1 responds to R1. R1 receives the response, looks it up in its NAT  table, and changes the destination IP address to the private IP address of Computer A.

In the example above, we need to configure static NAT. To do that, the following commands are required on R1:

R1(config)#ip nat inside source static
R1(config)#interface fastEthernet 0/0
R1(config-if)#ip nat inside
R1(config-if)#interface fastEthernet 0/1
R1(config-if)#ip nat outside

Using the commands above, we have configured a static mapping between Computer A’s private IP address of and the router’s R1 public IP address of To check NAT, you can use the show ip nat translations command:

R1#show ip nat translations
Pro Inside global Inside local Outside local Outside global
--- --- ---

Download our Free CCNA Study Guide PDF for complete notes on all the CCNA 200-301 exam topics in one book.

We recommend the Cisco CCNA Gold Bootcamp as your main CCNA training course. It’s the highest rated Cisco course online with an average rating of 4.8 from over 30,000 public reviews and is the gold standard in CCNA training: