Static NAT

With static NAT, routers or firewalls translate one private IP address to a single public IP address. Each private IP address is mapped to a single public IP address. Static NAT is not often used because it requires one public IP address for each private IP address.

To configure static NAT, three steps are required:

1. configure private/public IP address mapping by using the ip nat inside source static PRIVATE_IP PUBLIC_IP command
2. configure the router’s inside interface using the ip nat inside command
3. configure the router’s outside interface using the ip nat outside command

Here is an example.

static nat example

Computer A requests a web resource from S1. Computer A uses its private IP address when sending the request to router R1. Router R1 receives the request, changes the private IP address to the public one and sends the request to S1. S1 responds to R1. R1 receives the response, looks up in its NAT  table and changes the destination IP address to the private IP address of Computer A.

In the example above, we need to configure static NAT. To do that, the following commands are required on R1:

static nat configuration

Using the commands above, we have configured a static mapping between Computer A’s private IP address of and router’s R1 public IP address of To check NAT, you can use the show ip nat translations command:

show ip nat translations