Cisco IOS Dynamic NAT Configuration

It’s time to configure dynamic NAT where we use a pool of IP addresses for translation. I’ll use a fairly simple topology with two hosts and 1 router that will perform NAT:

This time we have 2 host routers on the left side and I’m using another subnet. Let’s prepare the host routers:

Host1(config)#no ip routing
Host1(config)#default gateway
Host2(config)#no ip routing
Host2(config)#ip default-gateway

Next step is to configure NAT:

NAT(config)#interface fastEthernet 0/0
NAT(config-if)#ip nat inside 
NAT(config)#interface fastEthernet 1/0
NAT(config-if)#ip nat outside

First we’ll configure the correct inside and outside interfaces. Now I will create a pool with IP addresses that we can use for the translation:

NAT(config)#ip nat pool MYPOOL prefix-length 24

The ip nat pool command lets us create a pool. I’m calling mine “MYPOOL” and I’m using IP address up to We can now select the hosts that we want to translate:

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You’ve Ever Spent on Your Cisco Career!
  • Full Access to our 739 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

542 Sign Ups in the last 30 days

100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: ,

Forum Replies

  1. Hello Sumit

    This is a very good question because the terms used with NAT can become very confusing. Let’s say you are the Inside Host and you are connecting to a web server which is the Outside Host like so:


    You can see that the packet leaving the inside host and travelling towards the NAT router has:

    • Source Address: Inside Local - a private address such as
    • Destination address: Outside Local - the public IP address of the outside host such as 2
    ... Continue reading in our forum

  2. Hello Maodo

    Don’t worry, you are reading up on CCNA material. Rene is referring to the fact that the Outside Local and the Outside Global addresses are the same. These however can be configured so that they are different. That is, the destination IP address can also be translated by NAT. It is this configuration alone that is outside of the CCNA curriculum. Not to worry, the rest is definitely covered within the CCNA curriculum.

    I hope this has been helpful!


  3. Thanks for your explanation, Lazaros.

    My question was no so technical. A CCNP lesson telling about CCNA scope ; I thought, it’s Copy/Paste error. Now, I understand that one lesson can belong to CCNA and also be re-used, without any change, in CCNP or CCIE courses. I found below the three (CCNA, CCNP, CCIE) links having the same NAT lesson (the lesson that was originally written for CCNA).


    ... Continue reading in our forum

  4. Hello Sumit

    There are two types of translation entries: Simple and Extended. A simple translation entry maps one IP address to another. The keyword extendable which indicates an extended translation entry indicates that the translation entry will map an IP address and port pair to another. The extended translation includes the port. An example of such a configuration is the following:

    ip nat inside source static tcp 25 25 extendable
    ip nat inside source static tcp 21 21 extendable
    ip nat inside source static t
    ... Continue reading in our forum

  5. Hi Laz,

    Thank you for the reply. I tried it again, reconfigured from scratch, now it worked. Strange… maybe I did something wrong the first time.

    Thank you,

32 more replies! Ask a question or join the discussion by visiting our Community Forum