ip nat inside source static [local-ip] [global-ip]
Configures static NAT to map a single inside local IP address to a single inside global IP address, allowing internal hosts to be reachable from external networks.
ip nat inside source static [local-ip] [global-ip]When to Use This Command
- Making a web server with a private IP address accessible from the internet using a public IP.
- Mapping a mail server's private IP to a public IP for inbound email delivery.
- Providing remote access to an internal device (e.g., VPN concentrator) via a static public IP.
- Hosting multiple services on different internal servers using separate public IPs.
Command Examples
Basic static NAT for a web server
ip nat inside source static 192.168.1.10 203.0.113.10This command creates a one-to-one mapping: any packet from inside host 192.168.1.10 going outside will have its source IP translated to 203.0.113.10, and any packet from outside destined to 203.0.113.10 will be translated to 192.168.1.10.
Verifying static NAT with show ip nat translations
show ip nat translationsPro Inside global Inside local Outside local Outside global --- --------------- --------------- ----------------- ----------------- --- 203.0.113.10 192.168.1.10 --- ---
The output shows the static NAT entry. 'Inside global' is the public IP, 'Inside local' is the private IP. The 'Outside local' and 'Outside global' fields are empty because this is a static entry without dynamic outside mapping.
Understanding the Output
The 'show ip nat translations' command displays all active NAT translations. For static NAT, you will see a permanent entry with the inside local and inside global addresses. The 'Outside local' and 'Outside global' columns are typically empty for static NAT unless you have additional dynamic translations. A healthy static NAT entry should always be present; if it disappears, the configuration may have been removed or the router rebooted without saving. Watch for overlapping translations or incorrect IP addresses.
CCNA Exam Tips
Static NAT requires both 'ip nat inside' on the internal interface and 'ip nat outside' on the external interface to function.
The command does not produce output; use 'show ip nat translations' to verify.
CCNA may test that static NAT entries are permanent and do not time out.
Remember: 'inside source' translates source addresses of packets coming from inside to outside.
Common Mistakes
Forgetting to apply 'ip nat inside' and 'ip nat outside' on the appropriate interfaces.
Using the same global IP for multiple local IPs (static NAT is one-to-one).
Typing the IP addresses in the wrong order (local vs global).
Related Commands
ip nat inside source list [acl] interface [intf] overload
Configures dynamic NAT overload (PAT) to translate multiple inside private IP addresses to a single public IP address using the interface's IP, based on an access list.
show ip nat translations
Displays the current active Network Address Translation (NAT) translations on the router, used to verify NAT operations and troubleshoot connectivity issues.
Practice for the CCNA 200-301
Test your knowledge with hundreds of CCNA practice questions covering all exam domains.
Practice CCNA Questions