NAT – Part 3 (Dynamic NAT Configuration on Cisco IOS) :

NAT – Part 3 (Dynamic NAT Configuration on Cisco IOS)

Category: Cisco, NAT
Author: gokhankosem, on 05 Feb 15 - 2 Comments

Dynamic NAT Configuration on Cisco IOS

Before this article, we have talked about static nat configuration. Here, we will talk about dynamic nat configuration. As before, in the dynamic NAT configuration, the interfaces must be identified as inside and outside again. Then we will define a dynamic address adress pool.The ip address will be choosen in this pool to assign as source ip address.

Our topology is below. This time we use packet tracer as our auxiliary simulation program.

dynamic nat (network adress translation)

Dynamic NAT (Network Address Translation) Configuration Topology

Do not miss the point that, to do this configuration, we must already do the interface configuration and the full connectivity must be establihed.

Firstly let’s check the ping packet’s source address when we are pinging from PC 1 to Router 1. AS you can see, the source address will be the PC 0 ‘s ip address. To see the packet you must enable debug modee on Router 1 by “debug ip packet” command.Check the below screenshots.

dynamic nat (network adress translation) debug

dynamic nat (network adress translation) debug

Now let’s configure the dynamic nat related configuration on Router0.

Configure the Router0 with the below commands:

Router0 # conf terminal 
Router0 (config)#  int fastethernet 0/0 
Router0 (config-if)#  ip nat inside 
Router0 (config-if)#  exit
Router0 (config)#  int  fastethernet 1/0 
Router0 (config-if)#  ip nat outside
Router0 (config-if)#  exit
Router0(config)# ip nat pool ipcisco netmask

Lastly, with an access list you must specify the private addresses to be allowed to be dynamically translated.

Router0(config)#  ip nat inside source list 10 pool ipcisco 
Router0(config)#  access-list 10 permit

Here, these allowed addresses above will be tranlated to a value in public address pool that will be dynamically choosen.

It is tim eto verify our configuration with the same ping packet’s source ip address control. Open the debug mode on Router1 with “debug ip packet” command and ping the Router1 from PC0.

dynamic nat (network adress translation) debug

dynamic nat (network adress translation) debug

As you can see, one of the addresses in the ipcisco pool is choosen and seen as a source address.
You can download the packet tracer configuration and check simulation.

You can download the GNS3 example here.

You can download “GNS3″ in Tools section.

NAT – Part 1
NAT – Part 2 (Static NAT Configuration)
NAT – Part 4 (Port Address Translation)
NAT – Part 5 (Troubleshooting)

About the Author
Gokhan Kosem is a telecommunation and network engineer. His ambition to IP networks and end-to-end system installation made him to prepare this web-site. By sharing his experiences about various networking protocols beside different system installation experiences and Cisco, Juniper, Alcatel-Lucent devices configurations, he is aimed to be helpful for his collegues in all over the world. He is currently lives in Istanbul, Turkey.

2 comments for “NAT – Part 3 (Dynamic NAT Configuration on Cisco IOS)”


Sir i want understand Dynamic NAT configuration as trainee pls with dygram

January 26th, 2015 at 21:19

Dear Gokhan..The tutorial was really helpful but you
could have used 8 more PCs to let us know when the ip pool becomes exhausted and the last PC could not access internet.

February 7th, 2015 at 18:44

Leave a Reply

Copy Protected by Chetans WP-Copyprotect.