The purpose of using Dynamic NAT on the Router is to enable clients on the local network to match IP addresses purchased by the ISP when accessing the Internet.
How to Enable Dynamic NAT on Cisco Router
In our previous article, we reviewed how to configure PAT and Static NAT. In this article, we will configure Dynamic Network Address Translation on a Router.
To configure Dynamic NAT, you must first create an access list. After you have been granted access to the LAN IP block with the access list, you must create an IP pool with the ip nat pool command and add the addresses that you have allocated by the Internet Service Provider.
To better understand Dynamic Address Translation, you can create a detailed network project using VMware Workstation and GNS3.
With Virtual Network Editor, you can create VMnet and add the IP address block of virtual machines to VMnet to configure the virtual machines in VMware according to the network topology you create.
You also need to connect to the Internet via your computer’s Ethernet port. As we mentioned before, the GNS3 program has problems accessing the Internet with a WiFi card.
How to Convert Private IP Addresses to Global IP Addresses and Connect Virtual Machines to the Internet
Follow the steps below to configure Dynamic NAT on the simulator software.
Step 1
Open the graphical network simulator program, type the project name, and click OK.
Step 2
Add a Cisco Router, Switch, and Cloud to the workspace to create a network topology, as shown in the image below.
In addition, VMware virtual machines can be added to the workspace.
Step 3
Select and add your computer’s Ethernet in the Cloud configuration. If you select the WiFi network adapter, you cannot take virtual machines to the Internet.
Step 4
After running the Cisco Router, open the CLI command console and perform the following commands in sequence.
R1# conf t
R1(config)# interface fastethernet0/0
R1(config-if)# ip address 192.168.8.1 255.255.255.0
R1(config-if)# ip nat inside
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)#interface fastethernet0/1
R1(config-if)# ip address dhcp
R1(config-if)# ip nat outside
R1(config-if)# no shutdown
R1(config-if)# exit
R1(config)# access-list 1 permit 192.168.8.0 0.0.0.255
R1(config)# ip nat pool DYNAMICNAT 192.168.1.20 192.168.1.25 netmask 255.255.255.0
R1(config)# ip nat inside source list 1 pool DYNAMICNAT
R1(config)# exit
R1# copy running-config startup-config
With the access list, allow the network to access the Internet and configure the IP address range allocated by your ISP with the ip nat pool.
Computers on the LAN will access the Internet with the IP addresses created in this pool.
Dynamic NAT differs from Static NAT in that it controls multiple IP addresses in a single repository.
Step 5
After setting up Dynamic NAT, ping the Router’s FastEthetnet0/0 interface from the Windows 8.1 virtual machine.
Step 6
Check the network connection from the Windows 10 virtual machine by pinging the Router’s FastEthetnet0/0 interface.
Step 7
Use the show ip interface brief command to check whether the interfaces of the Cisco router are open.
You can see that the IP address of the FastEthernet0/1 interface is assigned via the DHCP server on the local network.
Step 8
When you ping the Google DNS servers from the Cisco router, you can see that this process was successful.
Step 9
The ping from the Windows 8.1 machine to the Google DNS servers will also succeed.
Step 10
As you can see, pinging from the Windows 10 machine to the Google DNS servers will be successful.
Step 11
When you apply for the show ip nat translation command in the Router’s CLI console, you can see that the 192.168.8.5 and 192.168.8.10 IP addresses are converted to Global IP addresses through Dynamic NAT.
Virtual machines used idle 192.168.1.20 and 192.168.1.21 IP addresses in the IP NAT pool.
Step 12
In the Cisco Router’s CLI console, you can see NAT statistics when you apply the show ip nat statistics command.
Show Commands
R1#show running-config
Building configuration...
Current configuration : 1175 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
no ip icmp rate-limit unreachable
ip cef
!
no ip domain lookup
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
ip tcp synwait-time 5
!
interface FastEthernet0/0
ip address 192.168.8.1 255.255.255.0
ip nat inside
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet0/1
ip address dhcp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
ip nat pool DYNAMICNAT 192.168.1.20 192.168.1.25 netmask 255.255.255.0
ip nat inside source list 1 pool DYNAMICNAT
!
access-list 1 permit 192.168.8.0 0.0.0.255
no cdp log mismatch duplex
!
control-plane
!
gatekeeper
shutdown
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
line vty 0 4
login
!
end
R1#
R1#show ip nat statistics
Total active translations: 134 (0 static, 134 dynamic; 132 extended)
Outside interfaces:
FastEthernet0/1
Inside interfaces:
FastEthernet0/0
Hits: 17148 Misses: 402
CEF Translated packets: 17183, CEF Punted packets: 731
Expired translations: 165
Dynamic mappings:
-- Inside Source
[Id: 2] access-list 1 pool DYNAMICNAT refcount 134
pool DYNAMICNAT: netmask 255.255.255.0
start 192.168.1.20 end 192.168.1.25
type generic, total addresses 6, allocated 2 (33%), misses 0
-- Outside Destination
[Id: 1] access-list 1 pool 1 refcount 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
R1#
R1#show ip nat translations
Pro Inside global Inside local Outside local Outside global
icmp 192.168.1.21:1 192.168.8.5:1 8.8.8.8:1 8.8.8.8:1
tcp 192.168.1.21:49159 192.168.8.5:49159 2.17.229.218:80 2.17.229.218:80
tcp 192.168.1.21:49161 192.168.8.5:49161 195.175.116.65:80 195.175.116.65:80
Pro Inside global Inside local Outside local Outside global
tcp 192.168.1.21:49274 192.168.8.5:49274 54.247.73.98:443 54.247.73.98:443
tcp 192.168.1.21:49275 192.168.8.5:49275 104.86.225.240:80 104.86.225.240:80
tcp 192.168.1.21:49276 192.168.8.5:49276 93.184.221.200:443 93.184.221.200:443
tcp 192.168.1.21:49277 192.168.8.5:49277 93.184.221.200:443 93.184.221.200:443
icmp 192.168.1.20:1 192.168.8.10:1 8.8.8.8:1 8.8.8.8:1
tcp 192.168.1.20:49712 192.168.8.10:49712 204.79.197.203:443 204.79.197.203:443
tcp 192.168.1.20:49713 192.168.8.10:49713 204.79.197.203:443 204.79.197.203:443
tcp 192.168.1.20:49742 192.168.8.10:49742 31.13.93.36:443 31.13.93.36:443
tcp 192.168.1.20:49743 192.168.8.10:49743 31.13.92.2:443 31.13.92.2:443
tcp 192.168.1.20:49745 192.168.8.10:49745 31.13.92.14:443 31.13.92.14:443
tcp 192.168.1.20:49746 192.168.8.10:49746 31.13.92.14:443 31.13.92.14:443
tcp 192.168.1.20:49753 192.168.8.10:49753 40.77.226.250:443 40.77.226.250:443
--- 192.168.1.20 192.168.8.10 --- ---
How to Setup Dynamic NAT ⇒ Video
You can watch the video below to enable Dynamic NAT with GNS3 and also subscribe to our YouTube channel to support us!
Conclusion
Dynamic NAT is configured only with the pool system according to Static NAT. You can test this process more specifically with GNS3 and VMware programs. Thanks for following us!
TolgaBagci
Hi, I'm Tolga, a computer expert with 20 years of experience. I help fix computer issues with things like hardware, systems, networks, virtualization, servers, and operating systems. Check out my website for helpful info, and feel free to ask me anything. Keep yourself in the loop about the newest technologies!
