Configuring dynamic NAT in Cisco devices

This article will help you through the steps to configure dynamic NAT on Cisco devices. You will be able to create the corresponding Configlet commands using Network Configuration Manager application. This will help you perform the same operation on multiple devices simultaneously.

With dynamic NAT, you specify two sets of addresses on your Cisco router:

  1. Inside addresses that will be translated.
  2. A pool of global addresses.

Unlike with static NAT, where you had to manually define a static mapping between a private and a public address, with dynamic NAT the mapping of a local address to a global address happens dynamically. This means that the router dynamically picks an address from the global address pool that is not currently assigned. It can be any address from the pool of global addresses. The dynamic entry stays in the NAT translations table as long as the traffic is exchanged. The entry times out after a period of inactivity and the global IP address can be used for new translations.

If you don't have NCM installed, please click here to download and install the application.

To configure dynamic NAT, the following steps are required:

  1. Configure the router’s inside interface using the ip nat inside command
  2. Configure the router’s outside interface using the ip nat outside command
  3. Configure an ACL that has a list of the inside source addresses that will be translated
  4. Configure the pool of global IP addresses using the ip nat pool NAME FIRST_IP_ADDRESS LAST_IP_ADDRESS netmask SUBNET_MASK command
  5. Enable dynamic NAT with the ip nat inside source list ACL_NUMBER pool NAME global configuration command

Steps to configure dynamic NAT using CLI.

  1. Login to the device using SSH / TELNET and go to enable mode.
  2. Go into the config mode.
  3. Router#configure terminal

    Enter configuration commands, one per line. End with CNTL/Z.

    Router(config)#

  4. Configure the router's inside interface
  5. Router(config)#interface fa0/0

    Router(config-if)#ip nat inside

    Router(config-if)#exit

  6. Configure the router's outside interface
  7. Router(config)#interface eth0/0/0

    Router(config-if)#ip nat outside

    Router(config-if)#exit

  8. Configure an ACL that has a list of the inside source addresses that will be translated.
  9. Router(config)#access-list 1 permit 192.168.0.0 0.0.0.255

    NOTE:The access list configured above matches all hosts from the 192.168.0.0/24 subnet.

  10. Configure the pool of global IP addresses
  11. Router(config)#ip nat pool MY_POOL 4.4.4.1 4.4.4.5 netmask 255.255.255.0

    NOTE: The pool configured above consists of 5 addresses: 4.4.4.1, 4.4.4.2, 4.4.4.3, 4.4.4.4, and 4.4.4.5.

  12. Enable dynamic NAT
  13. Router(config)#ip nat inside source list 1 pool MY_POOL

    NOTE: The command above instructs the router to translate all addresses specified in the access list 1 to the pool of global addresses called MY_POOL.

  14. Exit config mode
  15. Router(config)#exit

    Router#

  16. Execute show ip nat translations command to view the NAT configuration.
  17. Copy the running configuration into startup configuration using below command
  18. Router#write memory

    Building configuration... [OK]

    Router#

The corresponding configlet can be created in NCM application as shown in below screenshot.

NAT Cisco

Also you can click the below button to download the Configlet as XML and import it into NCM application using file import option.

 
Configlet Name Configure Dynamic NAT - Cisco
Description This configlet is used to configure dynamic NAT on cisco devices
Execution Mode Script Execution Mode
Configlet Content
configure terminal
interface $INSIDE_INTF
ip nat inside
exit
interface $OUTSIDE_INTF
ip nat outside
exit
access-list $ACL_ID permit $SOURCE_ADDRESS $SUBNET_MASK
ip nat pool $POOL_NAME $POOL_START_ADDRESS $POOL_END_ADDRESS netmask $NETMASK
ip nat inside source list $ACL_ID pool $POOL_NAME
exit
show ip nat translations
write memory