Configuring Dynamic NAT
Dynamic NAT maps inside local IP addresses to inside global IP addresses on the fly, drawing the global addresses from a pool of available addresses. As before, every router interface that takes part in NAT must have an IP address assigned so that IP processing occurs on that interface. The dynamic NAT configuration starts in global configuration mode.

In our example network, one interface (Ethernet0) connects to the inside network and one interface (Serial0) connects to the Internet. When a host on the inside wants to communicate with a host on the Internet, the NAT border router receives the packet on an interface marked as NAT inside and forwards it out an interface marked as NAT outside, so it takes a free IP address from the pool and records it in a NAT table entry. Once an address has been allocated to an entry, it is reserved for that entry and cannot be allocated to another translation until the entry times out or is manually removed; for as long as the entry exists, traffic arriving from the outside for that global address is translated back to the same inside host. If every address in the pool is in use, new inside hosts cannot be translated until an entry is freed, so the pool size and the translation timeout together determine how many inside hosts can be active at once.
When traffic goes from inside to outside, the NAT translation happens after routing has taken place, so any access lists or policy routing on the inbound path are applied to the untranslated (inside local) addresses. In the reverse direction, from outside to inside, the router translates before it routes. An access list is needed to tell the NAT process which traffic is to be translated and which is not; packets that the list does not permit are forwarded without translation. Keep this list no wider than the inside network requires, because a list that permits any source would make the pool available to any address that reaches the inside interface.

The next step is to configure the pool of IP addresses that will be allocated to outbound sessions. This is done with the ip nat pool command, which has the following syntax:

    ip nat pool pool-name start-ip end-ip netmask net-mask

or

    ip nat pool pool-name start-ip end-ip prefix-length length

The pool-name is any unique string that identifies this address pool. The start-ip and end-ip are the first and last IP addresses in the pool. The net-mask is the network mask, in dotted-decimal format, that applies to the addresses in the pool. Instead of a network mask you can use the prefix-length keyword followed by the length of the CIDR prefix.

Finally, tie the access list and the pool together with the ip nat inside source command:

    ip nat inside source list acc-list pool pool-name

The acc-list is the number or name of the access list that specifies the traffic to translate, and the pool-name is the unique string you used when creating the pool of IP addresses.

The following example configures dynamic NAT using a pool. Access list 12 matches the inside network 10.1.2.0/24 (the wildcard mask 0.0.0.255 means the last octet is ignored), and the pool OUTBOUND holds the addresses 200.1.1.2 through 200.1.1.254 with a /24 prefix length:

    Border(config)#interface ethernet0
    Border(config-if)#ip nat inside
    Border(config-if)#interface serial0
    Border(config-if)#ip nat outside
    Border(config-if)#exit
    Border(config)#access-list 12 permit 10.1.2.0 0.0.0.255
    Border(config)#ip nat pool OUTBOUND 200.1.1.2 200.1.1.254 prefix-length 24
    Border(config)#ip nat inside source list 12 pool OUTBOUND
    Border(config)#
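Because a pool address stays reserved until its entry times out or is cleared, you will normally want to check the translation table and the pool's allocation counters after the configuration is in place, and possibly shorten the default entry timeout. The following session is an added example of that verification and is not part of the original article; the inside host 10.1.2.25, its translated address 200.1.1.2, and the command output shown are constructed to illustrate the format, not captured from a real router:

```text
! Dynamic entries expire after 86400 seconds (24 hours) by default.
! Lowering the timeout returns idle pool addresses sooner.
Border(config)#ip nat translation timeout 3600
Border(config)#end

! Each row is one reserved pool address; simple (non-overloaded)
! entries show --- for the protocol and outside columns.
Border#show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
--- 200.1.1.2          10.1.2.25          ---                ---

! "allocated" is the number of pool addresses in use; "misses" counts
! packets that matched access list 12 but found no free address.
Border#show ip nat statistics
Total active translations: 1 (0 static, 1 dynamic; 0 extended)
Outside interfaces:
  Serial0
Inside interfaces:
  Ethernet0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 12 pool OUTBOUND refcount 1
 pool OUTBOUND: netmask 255.255.255.0
        start 200.1.1.2 end 200.1.1.254
        type generic, total addresses 253, allocated 1 (0%), misses 0

! Remove every dynamic entry and return all pool addresses at once.
Border#clear ip nat translation *
```

A rising misses counter is the sign that the pool is exhausted: hosts matched by the access list are being denied translation because the 253 addresses are all held by existing entries. Clearing the table frees the pool immediately but also breaks every session that was using a translation, so on a production router prefer adjusting the timeout or widening the pool.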