How to configure Dynamic NAT on Cisco IOS Router

It’s time to configure dynamic NAT where we use a pool of IP addresses for translation. I’ll use a fairly simple topology with two hosts and 1 router that will perform NAT:

This time we have 2 host routers on the left side and I’m using another subnet. Let’s prepare the host routers:

Host1(config)#no ip routing
Host1(config)#default gateway 192.168.123.3

Host2(config)#no ip routing
Host2(config)#ip default-gateway 192.168.123.3

Next step is to configure NAT:

NAT(config)#interface fastEthernet 0/0
NAT(config-if)#ip nat inside

NAT(config)#interface fastEthernet 1/0
NAT(config-if)#ip nat outside

First we’ll configure the correct inside and outside interfaces. Now I will create a pool with IP addresses that we can use for the translation:

NAT(config)#ip nat pool MYPOOL 192.168.23.10 192.168.23.20 prefix-length 24

The ip nat pool command lets us create a pool. I’m calling mine “MYPOOL” and I’m using IP address 192.168.23.10 up to 192.168.23.20. We can now select the hosts that we want to translate:

Forum Replies

Hello Sumit

This is a very good question because the terms used with NAT can become very confusing. Let’s say you are the Inside Host and you are connecting to a web server which is the Outside Host like so:

//cdn-forum.networklessons.com/uploads/default/original/1X/eb1ecaeb2f794f41704468d582b014dced2ffa16.png

You can see that the packet leaving the inside host and travelling towards the NAT router has:

Source Address: Inside Local - a private address such as 10.10.10.5
Destination address: Outside Local - the public IP address of the outside host such as 2

... Continue reading in our forum

Hello Maodo

Don’t worry, you are reading up on CCNA material. Rene is referring to the fact that the Outside Local and the Outside Global addresses are the same. These however can be configured so that they are different. That is, the destination IP address can also be translated by NAT. It is this configuration alone that is outside of the CCNA curriculum. Not to worry, the rest is definitely covered within the CCNA curriculum.

I hope this has been helpful!

Laz

Thanks for your explanation, Lazaros.

My question was no so technical. A CCNP lesson telling about CCNA scope ; I thought, it’s Copy/Paste error. Now, I understand that one lesson can belong to CCNA and also be re-used, without any change, in CCNP or CCIE courses. I found below the three (CCNA, CCNP, CCIE) links having the same NAT lesson (the lesson that was originally written for CCNA).

…/ccna-routing-switching-icnd1-100-105/how-to-configure-dynamic-nat-on-cisco-ios-router/
…/ccnp-route/how-to-configure-dynamic-nat-on-cisco-ios-router/
…/ccie-routing-switchin

... Continue reading in our forum

Hello Sumit

There are two types of translation entries: Simple and Extended. A simple translation entry maps one IP address to another. The keyword extendable which indicates an extended translation entry indicates that the translation entry will map an IP address and port pair to another. The extended translation includes the port. An example of such a configuration is the following:

ip nat inside source static tcp 192.168.1.4 25 199.198.5.1 25 extendable
ip nat inside source static tcp 192.168.1.3 21 199.198.5.1 21 extendable
ip nat inside source static t

... Continue reading in our forum

Hello Chris

This is a very valid question. Essentially, in a command such as the following, the prefix-length parameter is essentially a sanity check.

NAT(config)#ip nat pool MYPOOL 192.168.23.10 192.168.23.20 prefix-length 24

You could have easily used the prefix length of 23 or 25 and it would work correctly with the above IP addresses. However, it is always best practice to confirm that you use the real prefix length of the actual subnet in question.

I hope this has been helpful!

Laz

23 more replies! Ask a question or join the discussion by visiting our Community Forum