Configuring dynamic NAT in Cisco devices

This article will help you through the steps to configure dynamic NAT on Cisco devices. You will be able to create the corresponding Configlet commands using Network Configuration Manager application. This will help you perform the same operation on multiple devices simultaneously.

With dynamic NAT, you specify two sets of addresses on your Cisco router:

1. Inside addresses that will be translated.
2. A pool of global addresses.

Unlike with static NAT, where you had to manually define a static mapping between a private and a public address, with dynamic NAT the mapping of a local address to a global address happens dynamically. This means that the router dynamically picks an address from the global address pool that is not currently assigned. It can be any address from the pool of global addresses. The dynamic entry stays in the NAT translations table as long as the traffic is exchanged. The entry times out after a period of inactivity and the global IP address can be used for new translations.

If you don't have NCM installed, please click here to download and install the application.

To configure dynamic NAT, the following steps are required:

1. Configure the router’s inside interface using the ip nat inside command
2. Configure the router’s outside interface using the ip nat outside command
3. Configure an ACL that has a list of the inside source addresses that will be translated
4. Configure the pool of global IP addresses using the ip nat pool NAME FIRST_IP_ADDRESS LAST_IP_ADDRESS netmask SUBNET_MASK command
5. Enable dynamic NAT with the ip nat inside source list ACL_NUMBER pool NAME global configuration command

Steps to configure dynamic NAT using CLI.

1. Login to the device using SSH / TELNET and go to enable mode.
2. Go into the config mode.

Router#configure terminal

Enter configuration commands, one per line. End with CNTL/Z.

Router(config)#

3. Configure the router's inside interface

Router(config)#interface fa0/0

Router(config-if)#ip nat inside

Router(config-if)#exit

4. Configure the router's outside interface

Router(config)#interface eth0/0/0

Router(config-if)#ip nat outside

Router(config-if)#exit

5. Configure an ACL that has a list of the inside source addresses that will be translated.

Router(config)#access-list 1 permit 192.168.0.0 0.0.0.255

NOTE:The access list configured above matches all hosts from the 192.168.0.0/24 subnet.

6. Configure the pool of global IP addresses

Router(config)#ip nat pool MY_POOL 4.4.4.1 4.4.4.5 netmask 255.255.255.0

NOTE: The pool configured above consists of 5 addresses: 4.4.4.1, 4.4.4.2, 4.4.4.3, 4.4.4.4, and 4.4.4.5.

7. Enable dynamic NAT

Router(config)#ip nat inside source list 1 pool MY_POOL

NOTE: The command above instructs the router to translate all addresses specified in the access list 1 to the pool of global addresses called MY_POOL.

8. Exit config mode

Router(config)#exit

Router#

9. Execute show ip nat translations command to view the NAT configuration.
10. Copy the running configuration into startup configuration using below command

Router#write memory

Building configuration... [OK]

Router#

The corresponding configlet can be created in NCM application as shown in below screenshot.

Also you can click the below button to download the Configlet as XML and import it into NCM application using file import option.