Dynamic NAT
1. Dynamic NAT
Overview of Dynamic NAT
Dynamic NAT allows multiple devices inside a private network to share a pool of public IP addresses when accessing the internet. When a device needs to communicate externally, it is temporarily assigned a public IP from the available pool. Once the device finishes its communication, the public IP is released and returned to the pool for other devices to use.

Unlike Static NAT, where each internal device is permanently mapped to a specific public IP, Dynamic NAT offers flexibility.
Public IPs are assigned on a first-come, first-served basis, meaning the mappings can change over time depending on the availability of public IP addresses in the pool.
Benefits of Dynamic NAT
- Temporary Assignment: Devices are only assigned a public IP when needed. Once the session ends, the public IP is returned to the pool for other devices to use.
- Shared Public IP Pool: Dynamic NAT requires a range of public IPs. The number of devices that can access the internet simultaneously is limited by the size of this pool.
- Flexible Mapping: Public IPs are not tied to specific devices, allowing efficient use of limited public IP addresses, as long as there are enough IPs to meet demand.
Example:

In the diagram above, the private devices 192.168.1.10, 192.168.1.11, and 192.168.1.12 share a pool of public IPs (203.20.10.103, 203.20.10.104, and 203.20.10.105).
- Device 192.168.1.10 connects to the internet and is temporarily assigned the public IP 203.20.10.103.
- Device 192.168.1.11 initiates a connection and is assigned the next available public IP, 203.20.10.104.
When these devices complete their sessions, their assigned public IPs are returned to the pool for other devices.
2. Configuring Dynamic NAT
NAT Pool and Dynamic NAT Configuration
Dynamic NAT allows for the dynamic assignment of a public IP address from a pool to an internal private IP address whenever a device on the internal network requests access to an external resource.

Configuration Steps
- Define the NAT Pool:
Router(config)# ip nat pool MYPOOL 203.20.10.103 203.20.10.105 netmask 255.255.255.0
This command creates a pool of three public IP addresses (203.20.10.103 to 203.20.10.105).
- Define an Access List to Permit Internal Traffic:
Router(config)# access-list 1 permit 192.168.1.0 0.0.0.255
This access list allows NAT to handle traffic from the 192.168.1.0 network.
- Configure Dynamic NAT to Use the Pool:
Router(config)# ip nat inside source list 1 pool MYPOOL
This command tells NAT to translate IP addresses from the 192.168.1.0 network to the public IPs in the MYPOOL pool.
- Identify Inside and Outside Interfaces:
Router(config)# interface GigabitEthernet0/0
Router(config-if)# ip nat inside
Router(config-if)# exit
Router(config)# interface GigabitEthernet0/1
Router(config-if)# ip nat outside
- GigabitEthernet0/0 is the inside interface, connected to the private network.
- GigabitEthernet0/1 is the outside interface, connected to the public network (Internet).
Verifying and Troubleshooting Dynamic NAT
After configuring Dynamic NAT, it’s important to verify that it is functioning correctly and troubleshoot any issues.
Viewing Active NAT Translations
Router# show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
--- 203.20.10.103      192.168.1.10       201.20.10.1        201.20.10.1
--- 203.20.10.104      192.168.1.11       201.20.10.1        201.20.10.1
In this case, 192.168.1.10 and 192.168.1.11 have been dynamically assigned public IPs (203.20.10.103 and 203.20.10.104, respectively). Since 192.168.1.12 has not initiated any traffic, there is no translation for it.
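An added example, not part of the original page: a Python check that parses show ip nat translations output and flags entries whose addresses fall outside MYPOOL or access-list 1, and reports when every pool address is in use. The third table row (10.0.0.5) is constructed for illustration, and the function names are this example's own.

```python
import ipaddress

# Values taken from the configuration on this page.
POOL_START = ipaddress.ip_address("203.20.10.103")
POOL_END = ipaddress.ip_address("203.20.10.105")
ACL_ADDR, ACL_WILDCARD = "192.168.1.0", "0.0.0.255"

# Output as shown on this page, plus one constructed row for a host outside access-list 1.
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
--- 203.20.10.103      192.168.1.10       201.20.10.1        201.20.10.1
--- 203.20.10.104      192.168.1.11       201.20.10.1        201.20.10.1
--- 203.20.10.105      10.0.0.5           201.20.10.1        201.20.10.1
"""

def acl_permits(addr, base=ACL_ADDR, wildcard=ACL_WILDCARD):
    """Standard ACL match: bits set in the wildcard mask are ignored."""
    a, b, w = (int(ipaddress.ip_address(x)) for x in (addr, base, wildcard))
    return (a & ~w) == (b & ~w)

def parse_translations(text):
    """Return (inside_global, inside_local) pairs, skipping the header row."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[0] != "Pro":
            rows.append((fields[1], fields[2]))
    return rows

def audit(text):
    """Flag translations that do not match the configured pool or ACL."""
    rows = parse_translations(text)
    findings = []
    for glob, local in rows:
        if not POOL_START <= ipaddress.ip_address(glob) <= POOL_END:
            findings.append(f"{glob}: inside global outside MYPOOL")
        if not acl_permits(local):
            findings.append(f"{local}: inside local not permitted by access-list 1")
    used = {g for g, _ in rows}
    size = int(POOL_END) - int(POOL_START) + 1
    if len(used) >= size:
        findings.append(f"pool exhausted: {len(used)}/{size} addresses in use")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no findings")
```

With only the two rows shown on this page, audit() returns no findings; the constructed third row triggers both the ACL mismatch and the pool-exhaustion report.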
Viewing NAT Statistics
Router# show ip nat statistics
Total active translations: 2 (2 dynamic, 0 static)
Outside interfaces: GigabitEthernet0/1
Inside interfaces: GigabitEthernet0/0
Hits: 40 Misses: 2
Expired translations: 0
- Total active translations: 2 active translations (for 192.168.1.10 and 192.168.1.11).
- Hits: Successful NAT translations.
- Misses: Failed translation attempts.