Dynamic NAT is used for a large network or when a large number of users want to access external resources. We highly recommend you to read the previous post, “Configuring Static NAT” if you missed that. In this post, we will explain how to configure dynamic NAT. Configuring dynamic NAT is slightly different from the configuring static NAT.
In order to configure dynamic NAT, you need to apply an ACL to specify which users or networks are allowed to access external resources and need to be translated. After that, you need to create a range of IP addresses (called pool) from which the NAT router will allocate the IP addresses to the internal users on the “first come first serve” basis.
We will use the following Cisco Packet Tracer topology. We assume that you have already configured appropriate IP addresses on each device.
Steps to Configure Dynamic NAT
To configure dynamic NAT, you need to perform the following steps:
- On Router1, execute the following commands to specify the inside and outside interfaces.
Router1(config)#int fa0/0 Router1(config-if)#ip nat inside Router1(config-if)#exit Router1(config)#int fa0/1 Router1(config-if)#ip nat outside Router1(config-if)#exit
- Now, execute the following command to create a pool and specify the ranges that the NAT router will use to allocate IP addresses.
Router1(config)#ip nat pool mypool 184.108.40.206 220.127.116.11 netmask 255.255.0.0
- Next, execute the following command to apply the created pool.
Router1(config)#ip nat inside source list 10 pool mypool
- Next, execute the following commands to apply an ACL to allow the networks.
Router1(config)#access-list 10 permit 10.0.0.0 0.255.255.255
- Next, execute the following command to specify the interface and the ACL direction.
Router1(config)#int fa0/0 Router1(config-if)#ip access-group 50 out Router1(config-if)#exit Router1(config)#exit
- The following figure shows the Dynamic NAT configuration on Router1.
Verify Dynamic NAT configuration
- To verify dynamic NAT configuration, open command prompts on PC0 and PC1 and type the following command on both PCs:
- Now, execute the following command to show the translated IP addresses.
Router1#show ip nat translations
Verify that the private IP address is translated into a global IP address from the configured pool.
In this post, we have explained how to configure Dynamic NAT on Cisco routers using Cisco Packet Tracer. Do share the article and subscribe us for more upcoming posts.