Dynamic NAT (Network Address Translation) - Complete Guide

1. What is Dynamic NAT?

Definition: Dynamic NAT allows many internal private IP addresses to temporarily map to a pool of public IPs. It provides a many-to-many relationship and is used when public IPs are limited.

Purpose & Use Cases:

✅ Conserve public IPs (shared pool)
✅ Support legacy apps that need real public IPs
✅ Hide internal IPs from the internet

Example Scenario:

10 public IPs: 203.0.113.1 - 203.0.113.10
100 internal devices: 192.168.1.1 - 192.168.1.100
Only 10 devices can access the internet at the same time

2. How Dynamic NAT Works (Many-to-Many)

Term	Meaning	Example
Inside Local	Private IP	192.168.1.10
Inside Global	Temporary public IP from pool	203.0.113.5
NAT Pool	Range of public IPs	203.0.113.1-10
ACL	Defines eligible internal IPs	permit 192.168.1.0 0.0.0.255

Traffic Flow:

Device sends traffic → Router assigns a public IP from pool
Mapping stored in NAT table
Reply traffic → translated back to internal IP

3. Dynamic NAT Configuration (Cisco IOS)

Step 1: Define NAT Pool

ip nat pool MY_POOL 203.0.113.1 203.0.113.10 netmask 255.255.255.0

Step 2: Create ACL for Internal IPs

access-list 1 permit 192.168.1.0 0.0.0.255

Step 3: Bind ACL to NAT Pool

ip nat inside source list 1 pool MY_POOL

Step 4: Set Interfaces

interface GigabitEthernet0/0
 ip nat inside
 exit
interface GigabitEthernet0/1
 ip nat outside
 exit

4. Verifying Dynamic NAT

Show Translations:

show ip nat translations

Sample Output:

Pro Inside global     Inside local       Outside local      Outside global
--- 203.0.113.1      192.168.1.10       8.8.8.8            8.8.8.8

Show NAT Statistics:

show ip nat statistics

5. Behavior When Pool Is Exhausted

New connections are blocked.
Idle translations expire by default after 24 hours.

ip nat translation timeout 3600

6. Testing Dynamic NAT

From Internal Clients:

ping 8.8.8.8
show ip nat translations

From External Network:

Traffic from internal hosts will appear as one of the pool IPs.

7. Troubleshooting Dynamic NAT

❌ No Translation? Check ACL, NAT pool, and interface roles
❌ Pool Exhausted? Add more IPs or reduce timeout
❌ Asymmetric Routing? Ensure return traffic goes through the same NAT router

Debug Commands:

debug ip nat
clear ip nat translation *

8. Dynamic NAT vs. Static NAT vs. PAT

Feature	Dynamic NAT	Static NAT	PAT (Overload)
Mapping	Many-to-Many	1:1 Permanent	Many:1 (Port-based)
Public IPs	Pool of IPs	Dedicated per host	Single IP
Use Case	Limited IPs	Servers, CCTV	Home/Office NAT
Scalability	Moderate	Low	High

9. Security & Scalability

✅ Masks internal addresses
✅ Shares IPs efficiently
⚠ Pool limit blocks excess users
⚠ No port-level translation like PAT

10. Practical Example

Scenario:

Internal Network: 192.168.1.0/24
Public Pool: 203.0.113.1-10

Configuration:

ip nat pool MY_POOL 203.0.113.1 203.0.113.10 netmask 255.255.255.0
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat inside source list 1 pool MY_POOL

Result: First 10 users get public IPs. Others must wait until one is freed.

11. Summary

Dynamic NAT = Temporary IP mapping using a public IP pool
Used when you need real IPs, but limited availability
Setup includes: NAT pool, ACL, binding, and interface roles
Monitor with: show ip nat translations

Dynamic NAT (Network Address Translation) Quiz

1. What is Dynamic NAT primarily used for?

A. Mapping a single private IP to a single public IP permanently B. Mapping many public IPs to a single private IP C. Mapping multiple private IPs to a pool of public IPs temporarily D. Encrypting IP addresses for security

Correct answer is C. Dynamic NAT temporarily maps multiple private IPs to a pool of public IPs.

2. Which of the following best describes "Inside Local" IP in Dynamic NAT?

A. The private/internal IP of a device B. The public IP assigned to the device C. The IP of an external host on the internet D. The broadcast IP of a subnet

Correct answer is A. Inside Local refers to the private/internal IP address of a device.

3. What command is used to define a NAT pool in Cisco IOS?

A. ip nat inside source list 1 pool MY_POOL B. access-list 1 permit 192.168.1.0 0.0.0.255 C. interface GigabitEthernet0/0 ip nat inside D. ip nat pool MY_POOL 203.0.113.1 203.0.113.10 netmask 255.255.255.0

Correct answer is D. This command defines the NAT pool range and netmask.

4. What is the purpose of an Access Control List (ACL) in Dynamic NAT configuration?

A. To block all incoming internet traffic B. To specify which internal IP addresses can use NAT translation C. To configure routing protocols D. To authenticate external users

Correct answer is B. ACLs define which internal IP addresses are eligible for NAT.

5. Which interface command marks the LAN-facing interface for Dynamic NAT?

A. ip nat inside B. ip nat outside C. ip nat pool D. access-list permit

Correct answer is A. The inside interface is marked with 'ip nat inside' in Cisco IOS.

6. What happens if the NAT pool is exhausted and no public IPs are available?

A. Internal devices get assigned private IPs B. Router assigns IPs dynamically from DHCP pool C. New connections are dropped until an IP is freed D. Router automatically adds more public IPs

Correct answer is C. New connections will be dropped if no public IP is available.

7. Which command verifies current active NAT translations?

A. show access-list 1 B. show ip nat pool C. show interfaces status D. show ip nat translations

Correct answer is D. 'show ip nat translations' displays active NAT mappings.

8. How does Dynamic NAT differ from Static NAT?

A. Dynamic NAT uses a 1:1 permanent mapping B. Dynamic NAT uses temporary many-to-many mappings from a pool C. Static NAT supports many-to-many mapping D. Static NAT requires ACLs

Correct answer is B. Dynamic NAT maps many private IPs temporarily to a pool of public IPs, unlike static 1:1 mapping.

9. Which of the following is a con of Dynamic NAT compared to PAT?

A. Limited by the size of the public IP pool B. Complex configuration C. Supports more concurrent users D. Uses port numbers for translation

Correct answer is A. Dynamic NAT is limited by the number of public IPs in the pool.

10. In the example scenario, how many internal devices can access the internet simultaneously with 10 public IPs in the pool?

A. 100 devices B. 50 devices C. 10 devices D. Unlimited devices

Correct answer is C. Only 10 devices can access the internet simultaneously because of the limited pool size.

← Back to Home