Are you sure you want to cancel your subscription?

If you cancel, your subscription will remain active through the paid term. You will be able to reactivate the subscription until that date.

Sorry to see you go

Your subscription will remain active until . If you change your mind, you may rectivate your subscription anytime before that date.

Are you sure you want to reactivate?
Welcome Back!

Your subscription has been reactivated and you will continue to be charged on .

Reactivate Subscription

Thank you for choosing to reactivate your subscription. In order to lock in your previous subscription rate, you owe: .

Your Subscription term is from - .

Questions? Call Sales.

Payment Due:

Auto-Renew Subscription

To auto-renew your subscription you need to select or enter your payment method in "Your Account" under Manage Payments.

Click continue to set up your payments.

CBT Nuggets License Agreement

Unless otherwise stated all references to “training videos” or to “videos” includes both individual videos within a series, entire series, series packages, and streaming subscription access to CBT Nuggets content. All references to CBT or CBT Nuggets shall mean CBT Nuggets LLC, a Delaware limited liability company located at 44 Country Club Road, Ste. 150, Eugene, Oregon.

A CBT Nuggets license is defined as a single user license. Accounts may purchase multiple users, and each user is assigned a single license.

  • GRANT OF LICENSE. CBT Nuggets grants you a non-transferable, non-exclusive license to use the training videos contained in this package or streaming subscription access to CBT content (the “Products”), solely for internal use by your business or for your own personal use. You may not copy, reproduce, reverse engineer, translate, port, modify or make derivative works of the Products without the express consent of CBT. You may not rent, disclose, publish, sell, assign, lease, sublicense, market, or transfer the Products or use them in any manner not expressly authorized by this Agreement without the express consent of CBT. You shall not derive or attempt to derive the source code, source files or structure of all or any portion of the Products by reverse engineering, disassembly, decompilation or any other means. You do not receive any, and CBT Nuggets retains all, ownership rights in the Products. The Products are copyrighted and may not be copied, distributed or reproduced in any form, in whole or in part even if modified or merged with other Products. You shall not alter or remove any copyright notice or proprietary legend contained in or on the Products.
  • TERMINATION OF LICENSE. Once any applicable subscription period has concluded, the license granted by this Agreement shall immediately terminate and you shall have no further right to access, review or use in any manner any CBT Nuggets content. CBT reserves the right to terminate your subscription if, at its sole discretion, CBT believes you are in violation of this Agreement. CBT reserves the right to terminate your subscription if, at its sole discretion, CBT believes you have exceeded reasonable usage. In these events no refund will be made of any amounts previously paid to CBT.
  • DISCLAIMER OF WARRANTY AND LIABILITY. The products are provided to you on an “as is” and “with all faults” basis. You assume the entire risk of loss in using the products. The products are complex and may contain some nonconformities, defects or errors. CBT Nuggets does not warrant that the products will meet your needs, “expectations or intended use,” that operations of the products will be error-free or uninterrupted, or that all nonconformities can or will be corrected. CBT Nuggets makes and user receives no warranty, whether express or implied, and all warranties of merchantability, title, and fitness for any particular purpose are expressly excluded. In no event shall CBT Nuggets be liable to you or any third party for any damages, claim or loss incurred (including, without limitation, compensatory, incidental, indirect, special, consequential or exemplary damages, lost profits, lost sales or business, expenditures, investments, or commitments in connection with any business, loss of any goodwill, or damages resulting from lost data or inability to use data) irrespective of whether CBT Nuggets has been informed of, knew of, or should have known of the likelihood of such damages. This limitation applies to all causes of action in the aggregate including without limitation breach of contract, breach of warranty, negligence, strict liability, misrepresentation, and other torts. In no event shall CBT Nuggets’ liability to you or any third party exceed $100.00.
  • REMEDIES. In the event of any breach of the terms of the Agreement CBT reserves the right to seek and recover damages for such breach, including but not limited to damages for copyright infringement and for unauthorized use of CBT content. CBT also reserves the right to seek and obtain injunctive relief in addition to all other remedies at law or in equity.
  • MISCELLANEOUS. This is the exclusive Agreement between CBT Nuggets and you regarding its subject matter. You may not assign any part of this Agreement without CBT Nuggets’ prior written consent. This Agreement shall be governed by the laws of the State of Oregon and venue of any legal proceeding shall be in Lane County, Oregon. In any proceeding to enforce or interpret this Agreement, the prevailing party shall be entitled to recover from the losing party reasonable attorney fees, costs and expenses incurred by the prevailing party before and at any trial, arbitration, bankruptcy or other proceeding and in any appeal or review. You shall pay any sales tax, use tax, excise, duty or any other form of tax relating to the Products or transactions. If any provision of this Agreement is declared invalid or unenforceable, the remaining provisions of this Agreement shall remain in effect. Any notice to CBT under this Agreement shall be delivered by U.S. certified mail, return receipt requested, or by overnight courier to CBT Nuggets at the following address: 44 Club Rd Suite 150, Eugene, OR 97401 or such other address as CBT may designate.

CBT Nuggets reserves the right, in its sole discretion, to change, modify, add, or remove all or part of the License Agreement at any time, with or without notice.

Billing Agreement

  • By entering into a Billing Agreement with CBT Nuggets, you authorize CBT Nuggets to use automatic billing and to charge your credit card on a recurring basis.
  • You agree to pay subscription charges on a monthly basis, under the following terms and conditions:
    • CBT Nuggets will periodically charge your credit card each monthly billing cycle as your subscription charges become due;
    • All payments are non-refundable and charges made to the credit card under this agreement will constitute in effect a "sales receipt" and confirmation that services were rendered and received;
    • To terminate the recurring billing process and/or arrange for an alternative method of payment, you must notify CBT Nuggets at least 24 hours prior to the end of the monthly billing cycle;
    • You will not dispute CBT Nugget’s recurring billing charges with your credit card issuer so long as the amount in question was for periods prior to the receipt and acknowledgement of a written request to cancel your account or cancel individual licenses on your account.
  • You guarantee and warrant that you are the legal cardholder for the credit card associated with the account, and that you are legally authorized to enter into this recurring billing agreement.
  • You agree to indemnify, defend and hold CBT Nuggets harmless, against any liability pursuant to this authorization.
  • You agree that CBT Nuggets is not obligated to verify or confirm the amount for the purpose of processing these types of payments. You acknowledge and agree that Recurring Payments may be variable and scheduled to occur at certain times.
  • If your payment requires a currency conversion by us, the amount of the currency conversion fee will be determined at the time of your payment. You acknowledge that the exchange rate determined at the time of each payment transaction will differ and you agree to the future execution of payments being based on fluctuating exchange rates.

CBT Nuggets reserves the right, in its sole discretion, to change, modify, add, or remove all or part of the Billing Agreement at any time, with or without notice.

Cisco CCNA ICND2 640-816

NAT: Understanding the Three Styles of NAT

This video is only available to subscribers.
Start your 7-day free trial today.

A free trial includes:

  • Unlimited 24/7 access to our entire IT training video library.
  • Ability to train on the go with our mobile website and iOS/Android apps.
  • Note-taking, bookmarking, speed control, and closed captioning features.
Video Titles Duration
1. Review: Rebuilding the Small Office Network, Part 1
2. Review: Rebuilding the Small Office Network, Part 2
3. Review: Rebuilding the Small Office Network, Part 3
4. Switch VLANs: Understanding VLANs
5. Switch VLANs: Understanding Trunks and VTP
6. Switch VLANs: Configuring VLANs and VTP, Part 1
7. Switch VLANs: Configuring VLANs and VTP, Part 2
8. Switch STP: Understanding the Spanning-Tree Protocol
9. Switch STP: Configuring Basic STP
10. Switch STP: Enhancements to STP
11. General Switching: Troubleshooting and Security Best Practices
12. Subnetting: Understanding VLSM
13. Routing Protocols: Distance Vector vs. Link State
14. Routing Protocols: OSPF Concepts
15. Routing Protocols: OSPF Configuration and Troubleshooting
16. Routing Protocols: EIGRP Concepts and Configuration
17. Access-Lists: The Rules of the ACL
18. Access-Lists: Configuring ACLs
19. Access-Lists: Configuring ACLs, Part 2
20. NAT: Understanding the Three Styles of NAT
21. NAT: Command-line NAT Configuration
22. WAN Connections: Concepts of VPN Technology
23. WAN Connections: Implementing PPP Authentication
24. WAN Connections: Understanding Frame Relay
25. WAN Connections: Configuring Frame Relay
26. IPv6: Understanding Basic Concepts and Addressing
27. IPv6: Configuring, Routing, and Interoperating
28. Certification: Some Last Words for Test Takers
29. Advanced TCP/IP: Working with Binary
30. Advanced TCP/IP: IP Subnetting, Part 1
31. Advanced TCP/IP: IP Subnetting, Part 2
32. Advanced TCP/IP: IP Subnetting, Part 3

Review: Rebuilding the Small Office Network, Part 1

Review: Rebuilding the Small Office Network, Part 2

Review: Rebuilding the Small Office Network, Part 3

Switch VLANs: Understanding VLANs

Switch VLANs: Understanding Trunks and VTP

Switch VLANs: Configuring VLANs and VTP, Part 1

Switch VLANs: Configuring VLANs and VTP, Part 2

Switch STP: Understanding the Spanning-Tree Protocol

Switch STP: Configuring Basic STP

Switch STP: Enhancements to STP

General Switching: Troubleshooting and Security Best Practices

Subnetting: Understanding VLSM

Routing Protocols: Distance Vector vs. Link State

Routing Protocols: OSPF Concepts

Routing Protocols: OSPF Configuration and Troubleshooting

Routing Protocols: EIGRP Concepts and Configuration

Access-Lists: The Rules of the ACL

Access-Lists: Configuring ACLs

Access-Lists: Configuring ACLs, Part 2

NAT: Understanding the Three Styles of NAT

00:00:01 - Oh, it is a rainy day out here in Phoenix, Arizona. I know that may
00:00:06 - not sound like that big of a deal, but it is for us. We, we get
00:00:10 - rain so rarely. The last I actually heard on the news. The
00:00:14 - last time we got rain was eight months ago, and it was just a drizzle, so
00:00:18 - whenever it rains here, you know, all the children run out and look at the sky
00:00:21 - and they, oh, water from the sky, you know, and where it's
00:00:25 - it's amazing, and I love the rain. Rain is a novelty here and
00:00:29 - but I don't know how I could live in, in a place where there's
00:00:32 - a lot of rain, because every time, I'm looking out the window right
00:00:35 - now, cloudy skies, I just, I, I've got my cup of hot cocoa right here.
00:00:41 - I just wanna,
00:00:42 - I don't know, curl up and talk about NAT. That's, that's what
00:00:46 - we're gonna do. We're gonna look at Network Address Translation,
00:00:50 - because this is a big
00:00:53 - function of just about every network that's in existence today.
00:00:58 - Network Address Translation allows you to translate your corporate
00:01:01 - private addresses into the public addresses that work on
00:01:04 - the internet. At least that's the most common use. So we're gonna look
00:01:06 - look at this introductory video, at the three major forms of
00:01:10 - NAT, Dynamic NAT, NAT Overload and Static NAT. Once we wrap
00:01:15 - up here, and the next video, we'll talk about how to set them
00:01:18 - all up.
00:01:19 - Now NAT was a topic that we discussed in the ICND one series,
00:01:23 - but the primary use that we talked about in there, was just
00:01:27 - overloading and external IP address, so multiple internal
00:01:31 - clients can access the internet, and while that is the most
00:01:34 - common use of NAT, there's many more things you can use it
00:01:38 - for. The first one is Dynamic NAT. Now this is a typical picture
00:01:44 - of using Dynamic NAT to translate inside addresses to outside
00:01:48 - addresses as you access the internet. Now it sounds just like
00:01:51 - what I described, but you'll notice that it is a one to one
00:01:54 - translation. As these clients go out from the internal network,
00:01:59 - they are signed a public address, and it will stay there for
00:02:02 - as long as that session remains. So if it's a TCP session,
00:02:06 - there's a certain time out. Once it ends, that public address goes
00:02:09 - back into the pool. Now, likewise with Dynamic NAT, you can have
00:02:13 - it translate the other way. I can go from outside to inside, and
00:02:16 - it can rotate around. Now you might be thinking, well where would that
00:02:20 - be used. I'll tell you the most common place where you see Dynamic
00:02:24 - NAT used, is to solve problems with addressing.
00:02:29 - The problem that I'm mainly talking about, is overlapping addresses.
00:02:32 - Let's say, you've got, I'll try and squeeze it in over here. Oh, hang on,
00:02:40 - let me do a quick little shindig. Let's say you've got an organization
00:02:45 - over here that has a router, and organization A acquires organization
00:02:51 - B, over here on the right hand side. Now
00:02:55 - they did not plan in, in their acquisition system, that they
00:03:01 - would have overlapping addresses, and maybe the A organization
00:03:04 - decided to use the ten range, all ten addresses over here, and
00:03:08 - the B organization also used ten addresses. Well you can't have that,
00:03:12 - because that's gonna be duplication. What you can do with
00:03:15 - Dynamic NAT, is set up a pool, meaning, when organization, organization
00:03:20 - A accesses organisation B, it will look as though they're
00:03:25 - coming from, we'll say, 172.16. something,
00:03:29 - and when organization B accesses organization A, it
00:03:34 - will look like they're coming from 172.17. something.
00:03:36 - That's one form of Dynamic NAT that's able
00:03:40 - to handle
00:03:42 - dynamic translations for overlapping networks. So, while
00:03:47 - both of these people are using ten networks, as they access
00:03:51 - each other, they'll become different addresses, so the devices
00:03:54 - will think, oh, well there's no problem. Now
00:03:58 - I know this may just seem illogical, because if I were an organization
00:04:02 - B and maybe I pinged an address,,
00:04:06 - that also existed in organization A, well
00:04:10 - how does the router know which
00:04:14 - you're talking about, since we have overlapping addresses.
00:04:18 - Well, Dynamic NAT, when you're using it in this system, does not
00:04:22 - work with
00:04:25 - IP addresses. Let me explain. If you have to have overlapping
00:04:30 - addresses, which some organizations do for a time, it requires
00:04:34 - the use of DNS server, and let's say organization B, you know, we're
00:04:39 - IT people, we usually think in terms of addresses, but
00:04:42 - normal people think in terms of names, DNS names, and let's
00:04:46 - say organization B accesses a server in organization A, that
00:04:50 - is, we'll, we'll call it, CORPSRV,
00:04:56 - and CORPSRV is the one that is mapped to that
00:04:58 - Well, as soon as the request goes out
00:05:02 - for CORPSRV, that will be passed to a DNS server
00:05:06 - through the router. Now as the DNS server replies, the router
00:05:10 - realizes, whoa, that's an address over here on the other side,
00:05:14 - meaning, that's something from organization A they're trying
00:05:17 - to access. So as the DNS reply comes back, the router will
00:05:22 - rewrite the address to be 172.17. something,
00:05:25 - and dynamically map. How, how are you even understanding
00:05:29 - any of this scribble I have on here? It will dynamically map it to something
00:05:33 - over there in organization A. So the point, let me draw it simpler down
00:05:37 - here, is you can have DNS here returning responses to names
00:05:42 - as it comes through the router. The router will hide what
00:05:45 - real address it is in organization A, and make it 172.17 or
00:05:49 - 16. something, or whatever organization A
00:05:52 - was using, so that when this pc gets it, it goes, oh, well I'll send it
00:05:56 - that to my default gateway. It's the gateway NAT, Dynamic
00:06:00 - NAT translates it over to the real address
00:06:04 - of the corporate server in organization A.
00:06:08 - So you can see Dynamic NAT. What it does, is just do one
00:06:11 - to one address translations. In its simplest form, I can define
00:06:15 - a pool of addresses on one side, and a pool on the other side,
00:06:18 - and that pool goes to that pool and vice versa, but you can also
00:06:22 - use it for some pretty complex stuff like,
00:06:25 - overlapping addresses, and that is the most common use of dynamic
00:06:30 - NAT. Now with that being said, Dynamic NAT is the least common
00:06:35 - form used.
00:06:37 - The most common form of NAT that's used, is called NAT Overload.
00:06:40 - and this is where multiple devices share a single address. Now
00:06:45 - this is the form of NAT that allowed us to overcome the IP
00:06:48 - address shortage on the internet, by using that sharing system
00:06:52 - Here's the way it works. We will have a router that's connected
00:06:55 - to the internet, and we'll say our corporate network behind here
00:06:58 - is using 192.168.1 addresses,
00:07:01 - so we'll say,
00:07:06 - exists on this network. Now as these clients
00:07:10 - will say, we've got 50 and 51. As these clients go
00:07:14 - out and access the internet, they will share the same public
00:07:18 - address, and the response will come back to that public address
00:07:21 - and forward it to these internal clients. Now this is possible, because
00:07:26 - NAT Overload uses port numbers. That's why you see my
00:07:31 - little note on the bottom. This form of NAT is commonly called
00:07:34 - PAT or Port Address Translation. Now, the rumor goes, that
00:07:39 - Microsoft actually came up with that term, but NAT Overload
00:07:43 - is the technically accurate term to describe this. So the way
00:07:47 - it works is, when you open a web browser or any, I'll say any
00:07:52 - network application on your pc, we'll just say a web browser,
00:07:55 - and go to,
00:08:01 - the operating system dynamically generates a source port
00:08:05 - number. We'll say 1536, in this case. Now that source port
00:08:10 - number is, when traffic comes back to that client, it will
00:08:14 - be sent to that port number, so it knows to put it in the right
00:08:17 - Internet Explorer window. I mean, think about this, look at
00:08:19 - your computer right now. You probably have this video open, along
00:08:23 - with many other applications. For example, if you're using a Windows
00:08:27 - Vista, in my opinion the ultimate waste of time operating system,
00:08:32 - and, and I say that not as a slam against Vista, but there's so many
00:08:35 - gadgets in there that just waste time, and you, you look at your
00:08:39 - little gadget bar on the right hand side, and it's got news
00:08:42 - headlines that are constantly being streamed in, stock quotes
00:08:46 - You've got pictures from the internet, all kinds of stuff that's
00:08:49 - just constantly coming in. Well, Vista, or whatever operating system
00:08:53 - you're using, has to have a way to separate all that, so it knows
00:08:57 - oh, this data coming in on my network card goes to the stock
00:09:01 - quote portion. This one goes to the web browser window. This
00:09:03 - one is streaming radio that you're, you're listening to on the internet.
00:09:07 - hopefully not while I'm talking, but, well, take, take an example. If you're
00:09:11 - using a streaming subscription to CBT nuggets, right now, my voice,
00:09:15 - the words that are coming out of my mouth, are streaming to
00:09:18 - you into a specific port number on your pc, and that's how it
00:09:23 - knows what application to send it to, which is playing it out the
00:09:26 - speakers. Wow. That's deep. So anyway, you open a web browser and
00:09:32 - that operating system generates just port number 1536.
00:09:35 - It could be any port number
00:09:38 - that's out of the, well, what's considered the well known port
00:09:41 - number range. It's gonna go to the destination of,
00:09:46 - on port destination port 80, and that's
00:09:50 - how this CISCO web server knows you're needing to be sent to
00:09:54 - the web server application. You're not sending email or anything
00:09:57 - like that. You're looking for a web page. Well, as it goes through
00:10:01 - the router, as this arrow in the middle happens, the NAT Overload process
00:10:06 - sees that request and says, okay, you came in on
00:10:10 - so, I will
00:10:13 - send you out on
00:10:17 - as the source port number, and that's when CISCO
00:10:21 - replies back. It will be replying to the destination port 1536
00:10:24 - and that public IP address, and when your router get's it,
00:10:28 - looks at this table. This is known as a NAT translation
00:10:31 - table. We'll see it when we look at the configuration, and it looks
00:10:35 - at this table and goes, oh, 1536, right, that's mapped
00:10:38 - over here to,
00:10:41 - and poof, you get the web page back. Now that could be happening
00:10:46 - at exactly the same time as this pc. Let's just say, for sake
00:10:52 - of argument, that this pc, at exactly the same time, the
00:10:56 - exact, we'll say, second, open a web browser window, and its operating
00:11:01 - system generated 6751, and that, at, at the same
00:11:06 - time, you know, CISCO's a popular place to go. They went
00:11:09 - to as well, at exactly the same time. Well that's
00:11:11 - okay, because they both have different source port numbers, so
00:11:15 - even though two identical requests, saying CISCO, send me your home
00:11:20 - page, is coming into the CISCO web server at the same time, it
00:11:23 - sees them as different, because they're coming from different
00:11:27 - source port numbers, and when it sends information back, the
00:11:31 - router has no problem handling that, because it says, oh, well you're
00:11:34 - coming to one port number and you're going to another. So I,
00:11:37 - I have in my table what host to send you to.
00:11:41 - Now let's talk about an exception. You might know, that there are
00:11:46 - 0-65,535
00:11:51 - different port numbers that are available for TCP and UDP.
00:11:55 - Now, as applications are running on a busy network, I mean, you might
00:11:58 - have a computer that has 50 different network applications
00:12:01 - open at a time, using up 50 different port numbers. Now you
00:12:05 - might think, as you start pondering, things that could happen.
00:12:08 - What if two devices happen to generate the same source port number
00:12:15 - at the same time? What then? I mean, what, how would it handle that?
00:12:20 - and when both of those requests came to the router, and
00:12:24 - they were both using, we'll say source port 6751,
00:12:28 - The router's prepared for that, because that's actually a
00:12:32 - very common
00:12:34 - circumstance, because with a busy network and lots of applications,
00:12:38 - you can get into thousands of port numbers in a new set of
00:12:40 - time, so the chance is multiple computers will use the same one. The router
00:12:44 - has no problem handling that. Whichever one gets there first,
00:12:48 - and there will be a first, you know, because the router can only
00:12:50 - receive one packet at a time, so one will be one millisecond
00:12:53 - behind the other. Whichever one gets there first, will get the
00:12:57 - 6751 and go out as that. Now once the other
00:13:01 - one, we'll say
00:13:04 - comes in with the source of 6751. As that
00:13:08 - comes in, the router looks and goes, oh, sorry man, 6751 is
00:13:13 - in use. I'll just give you the next free port, so what we'll map
00:13:18 -
00:13:22 - to, we'll say 6751
00:13:26 - 6752.
00:13:28 - It seems too simple, right. That, but that's all it does, it
00:13:31 - just takes the next available port number, and now, when the, the
00:13:34 - communication comes back to 6752, it looks and
00:13:38 - says, oh, well I'll translate that port. Now you
00:13:42 - see why we call it PAT, port address translation. I'll translate
00:13:46 - that port back to the original that was sent from the client
00:13:49 - six seven five one
00:13:51 - Finally, the last form of NAT is known as Static NAT. This
00:13:57 - form is typically used for hosting servers inside of your network.
00:14:01 - For example, we have private addresses here, 192.168.50 and 51,
00:14:05 - and so on. Those private addresses,
00:14:08 - since they are private, are not accessible from the internet.
00:14:12 - That's the whole definition of private, is that it is unroutable
00:14:15 - by internet routers, so we have to use Static NAT to map public
00:14:21 - IP addresses here to private ones, so when somebody wants to
00:14:24 - access, maybe we have a internal web server. Maybe that's this
00:14:27 - guy running out our company. We can forward that request
00:14:31 - into the internal web server, and allow people to access it.
00:14:34 - That's known as a Static NAT mapping. So here's the idea.
00:14:39 - Static NAT is usually combined with NAT Overload, NAT Overload
00:14:44 - to provide outbound access so normal people can just surf the
00:14:47 - net and whatever else they need internet access for, and Static
00:14:51 - NAT for the internal. So what I did was show you the NAT
00:14:54 - table right here, and you can see this top IP address is still doing
00:14:58 - some form of NAT Overload. You can see source port number is
00:15:01 - going through and being translated, and the bottom one has a
00:15:04 - little Static entry here saying, I have statically mapped
00:15:08 - to
00:15:12 -
00:15:14 - Now, the Static NAT translations are usually done two ways. I should
00:15:19 - say, always done two ways, meaning, if I statically NAT
00:15:23 - to this public address, every
00:15:26 - time that server goes out and accesses the internet, the internet
00:15:30 - will see it as this public address. It doesn't get thrown in
00:15:34 - the NAT overload pool like the rest of these devices out here,
00:15:38 - and any time someone on the internet accesses that public
00:15:40 - address,, it will be forwarded down here
00:15:44 - to this pc. It's two ways, inbound and outbound.
00:15:49 - Now keep in mind, whenever we do Static NATS, or I should say
00:15:53 - any form of NAT, we do not have to have those IP addresses
00:15:58 - assigned to this interface of the router. It seems kind of strange,
00:16:03 - but this, this interface, you know, we'll, we'll call it, this is
00:16:06 - just say it's fastEthernet zero,
00:16:09 - it might be assigned the address Now
00:16:12 - I can say I might want to use that address for NAT Overload,
00:16:15 - and so everybody pretends they are the router as they go out,
00:16:18 - but
00:16:22 - is not assigned anywhere. It's not the address on this, this
00:16:25 - interface right here, yet we haven't assigned it to a loop pack interface
00:16:29 - or some mystery interface. It's just part of the NAT process.
00:16:34 - So when somebody accesses, our ISP knows
00:16:39 - to route that packet to our router, who, whenever they see that,
00:16:43 - looks at it and says, oh, I have a NAT mapping for you. You may not
00:16:46 - be assigned to my interface, but I have a NAT mapping saying
00:16:49 - that you should become 1.51. Now,
00:16:52 - Static NAT, as I'll show you as we get into the configuration,
00:16:56 - can get far more granular than doing a full one to one IP
00:17:01 - address translation, meaning, right here, I said that I had a
00:17:04 - web server at, and I
00:17:08 - mapped this full address to that pc,
00:17:12 - but maybe, let's expand our diagram here, maybe in my
00:17:16 - company, I also happen to have an email server which is
00:17:20 - that, that I would
00:17:24 - like to allow access to as well, so I can receive emails from
00:17:28 - the outside world. Well, unfortunately, you know, the, the company
00:17:33 - that I'm with, my ISP, only gave me two public addresses. Now
00:17:37 - what do I do?
00:17:38 - Well, Static NAT can be combined with port numbers. So what
00:17:43 - I can do, is I can say on
00:17:47 - TCP port 80.
00:17:50 - We'll forward packets into the web server on port 80, but
00:17:56 - if I receive a request on
00:17:59 - port 25,
00:18:04 - I will forward that to
00:18:08 - on TCP port 25. So we can actually split
00:18:13 - a public address among multiple internal servers, and you can
00:18:16 - actually chop this thing up with as, as many servers as you like
00:18:20 - as long as you have port numbers. Now, for example, if I had another
00:18:24 - web server inside of here, maybe I had two web servers. I mean, port
00:18:27 - 80 is already used up, so I can't somehow magically translate
00:18:33 - some second port 80 into that, because we've used that port
00:18:36 - on that public address, but this feature is really cool, because
00:18:40 - it lets you use every public address to the max, meaning, instead
00:18:44 - of assigning a full IP address to a web server when it only
00:18:47 - needs port 80, we can chop it up and do as many servers as we want,
00:18:51 - as long as we have unique port numbers,
00:18:54 - and those are the three forms of NAT that we will be configuring
00:18:58 - in the upcoming video on configuring NAT. That will be also
00:19:02 - one big difference between ICD 1 and ICD 2 see in the two back
00:19:06 - we used the SDM, Security Device Manager,
00:19:10 - the graphic interface to set up NAT. In this, the CCNA and
00:19:15 - ICD 2, we will be using the command line, which is
00:19:19 - far more powerful than what the graphic interface can do. So
00:19:24 - we saw dynamic NAT, and what Dynamic NAT is used for, is
00:19:27 - to convert one pool of addresses to another, so I can say all
00:19:32 - of these private addresses translate over to these public addresses,
00:19:36 - or I can use that for overlapping addresses, so I can overcome
00:19:41 - that issue in an organization. We saw NAT Overload, which
00:19:46 - is allowing you to overload one public address for many internal
00:19:50 - private addresses, and finally we saw Static NAT, which is used
00:19:54 - to allow you to host internal servers. I hope this has been informative
00:19:58 - for you, and I'd like to thank you for viewing.

NAT: Command-line NAT Configuration

WAN Connections: Concepts of VPN Technology

WAN Connections: Implementing PPP Authentication

WAN Connections: Understanding Frame Relay

WAN Connections: Configuring Frame Relay

IPv6: Understanding Basic Concepts and Addressing

IPv6: Configuring, Routing, and Interoperating

Certification: Some Last Words for Test Takers

Advanced TCP/IP: Working with Binary

Advanced TCP/IP: IP Subnetting, Part 1

Advanced TCP/IP: IP Subnetting, Part 2

Advanced TCP/IP: IP Subnetting, Part 3

This forum is for community use – trainers will not participate in conversations. Share your thoughts on training content and engage with other members of the CBT Nuggets community. For customer service questions, please contact our support team. The views expressed in comments reflect those of the author and not of CBT Nuggets. We reserve the right to remove comments that do not adhere to our community standards.

comments powered by Disqus
Community Standards

We encourage you to share your wisdom, opinions, and questions with the CBT Nuggets community. To keep things civil, we have established the following policy.

We reserve the right not to post comments that:
contain obscene, indecent, or profane language; contain threats or defamatory statements; contain personal attacks; contain hate speech directed at race, color, sex, sexual orientation, national origin, ethnicity, age, religion, or disability; contributes to a hostile atmosphere; or promotes or endorses services or products. Non-commercial links, if relevant to the topic, are acceptable. Comments are not moderated, however, all comments will automatically be filtered for content that might violate our comment policies. If your comment is flagged by our filter, it will not be published.

We will be continually monitoring published comments and any content that violates our policies will be removed. Users who repeatedly violate our comments policy may be prohibited from commenting.

Course Features

Speed Control

Play videos at a faster or slower pace.


Pick up where you left off watching a video.


Jot down information to refer back to at a later time.

Closed Captions

Follow what the trainers are saying with ease.

MP3 Downloads

Listen to videos anytime, anywhere
Jeremy Cioara

Jeremy Cioara

CBT Nuggets Trainer

Cisco CCNA, CCDA, CCNA Security, CCNA Voice, CCNP, CCSP, CCVP, CCDP, CCIE R&S; Amazon Web Services CSA; Microsoft MCP, MCSE, Novell CNA, CNE; CompTIA A+, Network+, iNet+

Area Of Expertise:
Cisco network administration and development. Author or coauthor of numerous books, including: CCNA Voice 640-461 Official Cert Guide; CCNA Voice Official Exam Certification Guide (640-460 IIUC); CCENT Exam Prep (Exam 640-822); CCNA Exam Cram (Exam 640-802) 3rd Edition; and CCNA Voice 640-461 Official Cert Guide.

Add training to a playlist
or create a new list
Add to current playlist
or add to an existing list
Add to new playlist
Add New Bookmark

NAT: Understanding the Three Styles of NAT
Bookmark Title:

Login is required to access this feature.

Your browser cannot access Virtual Labs
Video Options

This advanced buffering is applied to all streams regardless if you installed the doublespeed control or not. Sometimes the advanced buffering causes the video to hang or behave erratically. If you are experienceing issues with video playback please disable the doublespeed buffer.

Remember to re-enable the buffer if you want to use the doublespeed control.

If you are experiencing problems with our content delivery, please click here to switch to our alternate content delivery network or go to our network FAQ.
For other common video playback issues, including firewall and corporate network issues, please visit our Tech Support forum.