Search

Home >> Knowledgebase >> Cisco Certified Network Associate (CCNA) >> How to configure Dynamic NAT in a Cisco Router

How to configure Dynamic NAT in a Cisco Router

Dynamic NAT is another NAT (Network Address Translation) technology which allows the address translation of a private IP address to a pool of public IP addresses configured on the NAT router. Dynamic NAT is mostly used when inside computers configured with private IP addresses needs to access outside public internet.

The main difference between Static NAT and Dynamic NAT is that Static NAT allows a remote host to connect to an inside private IP addresses configured computer and Dynamic NAT allows a group of private IP addresses to connect to public internet, using the public IP address pool (a range of public IP addresses). The configured public IP address pool (a range of public IP addresses) typically has fewer addresses than the inside private IP addresses.

Dynamic NAT is is typically used for providing internet access to a private network. But the problem with Dynamic NAT is that the number of public IP addresses in the NAT pool may not be sufficiant for mapping large number of computers configured with private IP addresses.

 

To configure Dynamic NAT on a Cisco router, first you need to create an access list to identify the group of private inside IPv4 addresses, which are allowed for NAT translation. That can be done by creating a standard IP access list.

Then you have to create a pool of public IP addresses (which your ISP (internet service provider) has allocated to you).

After creating an IP access list to identify the traffic and a pool of public IP addresses which your ISP (internet service provider) has allocated to you, you must configure NAT using “ip nat” command. Finally you must specify which is inside interface and which is outside interface.

Dynamic NAT lab

The configuration commands to configure Dynamic NAT is shown below.

omnisecu.com.R1>enable
omnisecu.com.R1#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
omnisecu.com.R1(config)#access-list 10 permit 172.18.122.0 0.0.0.255
omnisecu.com.R1(config)#ip nat pool omnisecupool 108.160.236.230 108.160.236.239 netmask 255.255.255.0
omnisecu.com.R1(config)#ip nat inside source list 10 pool omnisecupool
omnisecu.com.R1(config)#interface fa0/0
omnisecu.com.R1(config-if)#ip nat inside
omnisecu.com.R1(config-if)#exit
omnisecu.com.R1(config)#int fa0/1
omnisecu.com.R1(config-if)#ip nat outside
omnisecu.com.R1(config-if)#exit
omnisecu.com.R1(config)#exit
omnisecu.com.R1#
<< How to configure static NAT in a Cisco Router
How to configure PAT (Port Address Translation or NAT overload) in a Cisco Router >>
Related Tutorials
• IPv4 Addresses
• Private IPv4 Addresses
• What is NAT (Network Address Translation)
• What are the Advantages and Disadvantages of NAT (Network Address Translation)
• Different types of NAT - Static NAT, Dynamic NAT and PAT
• NAT Address types - Inside Local, Inside Global, Outside Local, Outside Global
• How to configure static NAT in a Cisco Router
• How to configure dynamic NAT in a Cisco Router
• How to configure PAT (Port Address Translation or NAT overload) in a Cisco Router