Dynamic NAT Overview
Similar to static NAT, dynamic NAT translates each private IP address into a different public IP address. However, instead of manually defining the mappings, dynamic NAT performs a many-to-many translation, which is accomplished by automatically mapping each device's private IP address to a unique public IP address from a pool of available addresses.
When local devices make requests to access resources on the internet, the translating device assigns public IP addresses from the pool on a first-come, first-served basis. Here, each mapping is temporary in the NAT table because the public IP address is released back to the pool when the session ends, allowing another device to use it later.
Another difference from static NAT is that an access list must be used as part of the dynamic NAT configuration. The ACL defines which IP addresses are permitted for NAT translation.
Best Use Case for Dynamic NAT
Keep in mind that with dynamic NAT, the number of public IP addresses is the same as the number of devices that need to reach the internet, so the pool must be large enough to satisfy the translation requirements. Therefore, dynamic NAT is not an appropriate choice for translating endpoints (users).
It is best suited for situations where two companies merge and have an IP address overlap. This way, instead of a complete readdressing of the whole network, dynamic NAT can translate the IP addresses of the packets when sent from one network to another.
Dynamic NAT Configuration Example
Let’s use the same example topology from the image above as a use case to configure dynamic NAT. The goal is for the private IP addresses of the two computers inside the network to be translated into public IP addresses so they can access the internet.
The configuration consists of an ACL permitting the set of IP addresses that need to be translated, a pool containing the IP addresses into which translations will occur, and the command that ties the ACL and the pool together.
To define the pool, use the ip nat pool pool-name start-ip end-ip netmask subnet-mask command in global configuration mode. To enable dynamic NAT, map the pool to the previously configured ACL using the ip nat inside source list ACL-name pool pool-name command. Enabling NAT on the interfaces is done in the same manner as with static NAT. The commands required for the example are as follows:
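The following Cisco IOS configuration is an added example, not the original page's own, showing the ACL, the pool, the ACL-to-pool mapping and the interface roles described above. The ACL number, pool name, interface names and every address are assumptions; the public range is a documentation range.

```cisco
! Added example; every name and address here is an assumption.
! Inside LAN:   192.168.1.0/24 on GigabitEthernet0/0
! Outside link: 203.0.113.0/24 on GigabitEthernet0/1 (documentation range)
!
! 1. ACL: only the inside subnet is eligible for translation.
!    Standard ACLs take a wildcard mask, not a subnet mask.
!    Keep this scoped to the hosts that need NAT rather than "permit any".
access-list 1 permit 192.168.1.0 0.0.0.255
!
! 2. Pool: the public addresses handed out first come, first served.
!    Two addresses, one for each of the two inside computers.
ip nat pool PUBLIC-POOL 203.0.113.10 203.0.113.11 netmask 255.255.255.0
!
! 3. Map the ACL to the pool; this is what enables dynamic NAT.
ip nat inside source list 1 pool PUBLIC-POOL
!
! 4. Mark the interfaces, in the same manner as with static NAT.
interface GigabitEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/1
 ip address 203.0.113.1 255.255.255.0
 ip nat outside
```

With a two-address pool, a third inside host that matches the ACL gets no translation until an existing entry is released back to the pool.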
To verify the dynamic NAT configuration, use the same show ip nat translations command.