Network Address Translation (NAT) is a method that enables multiple devices on a private network to access the internet using one or more public IP addresses by modifying IP address information in packet headers. NAT emerged as a critical solution to IPv4 address exhaustion and now underpins virtually every home and enterprise network connection. While NAT helps conserve public IP addresses and provides a basic security layer by hiding internal network topology, it fundamentally alters the end-to-end connectivity model of the internet—creating challenges for peer-to-peer applications, VPN connections, and real-time protocols that require direct addressing.
What This Cheat Sheet Covers
This topic spans 14 focused tables and 109 indexed concepts. Below is a complete table-by-table outline of this topic, spanning foundational concepts through advanced details.
Table 1: Core NAT Types
NAT isn't one thing — it's a family of translation modes, and which one you use shapes whether inbound connections work, how many hosts can share an address, and what gets rewritten. The big mental split here is between many-to-one PAT (the overload everyone runs at home), one-to-one static and dynamic mappings, and the more surgical variants like twice NAT and policy NAT that translate destinations or make decisions on extended criteria.
| Type | Example | Description |
|---|---|---|
| Static NAT | `ip nat inside source static 192.168.1.10 203.0.113.50` | • One-to-one permanent mapping between a private IP and a specific public IP<br>• Bidirectional translation that allows inbound connections to a specific internal host |
| Dynamic NAT | `ip nat pool PUBLIC 203.0.113.10 203.0.113.20`<br>`ip nat inside source list 1 pool PUBLIC` | • Maps private IPs to public IPs from a pool on a first-come, first-served basis<br>• Translations are created dynamically when inside hosts initiate outbound connections and released when idle |
| PAT (NAT overload) | `ip nat inside source list 1 interface gi0/1 overload` | • Many-to-one translation using unique source port numbers<br>• Allows thousands of internal devices to share a single public IP by multiplexing connections through different ports (NAT overload) |
| Twice NAT | `nat (inside,outside) source dynamic obj-inside interface destination static obj-server obj-server` | • Translates both source and destination addresses simultaneously<br>• Used for overlapping IP address spaces or complex multi-site scenarios requiring bidirectional translation |
| Policy NAT | `ip nat inside source route-map POLICY_MAP pool NAT_POOL` | • NAT decisions based on extended criteria beyond source address, including destination IP, protocol, or port<br>• Enables granular per-application translation policies |
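
How the static and PAT entries in Table 1 differ for inbound traffic, as an added Python sketch (not part of the original cheat sheet and not router code) that models only the translation table. The `Nat` class, the PAT address 203.0.113.1 and the hosts 192.168.1.21 and 192.168.1.22 are assumptions made for the illustration; the static pair 192.168.1.10 / 203.0.113.50 is the table's own.

```python
"""Toy NAT translation table: static one-to-one entries plus PAT (overload)."""
import itertools


class Nat:
    # Simplified: real devices also track protocol and, depending on mapping
    # behaviour, the remote endpoint, and they age idle entries out.
    def __init__(self, public_ip, static=None, first_port=1024):
        self.public_ip = public_ip            # assumed PAT (overload) address
        self.static = dict(static or {})      # private IP -> public IP
        self.static_rev = {pub: priv for priv, pub in self.static.items()}
        self.pat_out = {}                     # (priv IP, priv port) -> public port
        self.pat_in = {}                      # public port -> (priv IP, priv port)
        self._ports = itertools.count(first_port)

    def outbound(self, src_ip, src_port):
        """Rewrite the source of a packet leaving the inside network."""
        if src_ip in self.static:
            return self.static[src_ip], src_port   # address changes, port kept
        key = (src_ip, src_port)
        if key not in self.pat_out:                # first packet of a new flow
            pub_port = next(self._ports)
            self.pat_out[key] = pub_port
            self.pat_in[pub_port] = key
        return self.public_ip, self.pat_out[key]

    def inbound(self, dst_ip, dst_port):
        """Rewrite the destination of a packet from outside; None means drop."""
        if dst_ip in self.static_rev:
            return self.static_rev[dst_ip], dst_port   # permanent entry
        if dst_ip == self.public_ip:
            return self.pat_in.get(dst_port)   # only if an inside host opened it
        return None


def demo():
    """Constructed sample flows: two PAT hosts and one statically mapped host."""
    nat = Nat("203.0.113.1", static={"192.168.1.10": "203.0.113.50"})
    a = nat.outbound("192.168.1.21", 51000)
    b = nat.outbound("192.168.1.22", 51000)    # same private port, other host
    return {
        "pat_a": a,
        "pat_b": b,
        "reply_to_a": nat.inbound(*a),
        "unsolicited_pat": nat.inbound("203.0.113.1", 22),
        "unsolicited_static": nat.inbound("203.0.113.50", 22),
    }


if __name__ == "__main__":
    print(demo())
```

The static entry forwards unsolicited inbound traffic on every port, so the host behind it needs its own ACL or firewall policy; a PAT entry exists only for flows an inside host has opened.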