Static NAT

A static NAT implementation is one in which each private internal IP address is mapped to unique public external IP address. This technique involves defining a static NAT table on the router that maps each internal private address to its external public counterpart. Consider the example illustrated in the figure below. It shows a small network consisting of five client systems, each configured with a private address in the range. The router is configured for NAT, and has five external public addresses. The NAT table shown in the example illustrates the mapping between the private and public addresses.

Figure: With static NAT, each internal private address that requires access to the Internet is mapped to a dedicated public IP address.

With static NAT, when client attempts to access an Internet resource, the request will be forwarded to its configured default gateway, When the router receives this packet, it will change the source address to, as per the information stored in the NAT table. When the destination web server receives the request, it considers it to have originated from This is also the address to which the subsequent reply will be sent. Once received by the router, it will check its NAT table, and will again translate the packet such that its destination address is changed to The packet will then be forwarded to the internal client.

Companies generally don’t implement static NAT for the purpose of allowing internal hosts to gain access to the Internet. It is simply too time consuming to build the NAT table, and companies often do not have an available public IP address for each and every internal host. Instead, static NAT is most often used in order to allow Internet hosts to gain access to internal servers. This will be discussed shortly.

Author: Dan DiNicolo

Dan DiNicolo is a freelance author, consultant, trainer, and the managing editor of He is the author of the CCNA Study Guide found on this site, as well as many books including the PC Magazine titles Windows XP Security Solutions and Windows Vista Security Solutions. Click here to contact Dan.