Catalyst 6500 Series Switch and Cisco 7600 Series Router Firewall Services Module Configuration Guide using ASDM (OL-20748-01)
Chapter 16: Configuring NAT
Using Dynamic NAT and PAT

Configuring Dynamic NAT or PAT

This section describes how to configure dynamic NAT or dynamic PAT. The configuration for dynamic NAT and PAT is almost identical; for NAT you specify a range of mapped addresses, and for PAT you specify a single address.

Figure 16-20 shows a typical dynamic NAT scenario. Only translated hosts can create a NAT session, and responding traffic is allowed back. The mapped address is dynamically assigned from a pool defined by the global command.

Figure 16-20 Dynamic NAT
[Figure: FWSM between the Inside and Outside networks]
Inside          Outside
10.1.1.1        209.165.201.1
10.1.1.2        209.165.201.2

Figure 16-21 shows a typical dynamic PAT scenario. Only translated hosts can create a NAT session, and responding traffic is allowed back. The mapped address defined by the global command is the same for each translation, but the port is dynamically assigned.

Figure 16-21 Dynamic PAT
[Figure: FWSM between the Inside and Outside networks]
Inside          Outside
10.1.1.1:1025   209.165.201.1:2020
10.1.1.1:1026   209.165.201.1:2021
10.1.1.2:1025   209.165.201.1:2022

For more information about dynamic NAT, see the "Dynamic NAT" section on page 16-6. For more information about PAT, see the "PAT" section on page 16-8.

Note
If you change the NAT configuration, and you do not want to wait for existing translations to time out before the new NAT information is used, you can clear the translation table using the clear xlate command. However, clearing the translation table disconnects all current connections that use translations.

To configure dynamic NAT or PAT, perform the following steps:

Step 1
To identify the real addresses that you want to translate, enter one of the following commands:
• Policy NAT:
hostname(config)# nat (real_interface) nat_id access-list acl_name [dns] [outside]
[[tcp] tcp_max_conns [emb_limit]] [udp udp_max_conns] [norandomseq]
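
The dynamic NAT and PAT behaviour described in this section, as a simplified Python model of a translation table. This is an added illustration, not FWSM code or part of the Cisco guide: the class and method names are hypothetical, the addresses follow Figures 16-20 and 16-21, and sequential PAT port allocation starting at 2020 is an assumption made to match Figure 16-21.

```python
from itertools import count


class XlateTable:
    """Simplified translation (xlate) table; access lists and timeouts are not modeled."""

    def __init__(self, mapped_addrs, pat=False, first_port=2020):
        self.pat = pat
        self.free = list(mapped_addrs)      # dynamic NAT: unused pool addresses
        self.mapped_ip = mapped_addrs[0]    # dynamic PAT: the single mapped address
        self.ports = count(first_port)      # assumed PAT port allocator (2020, 2021, ...)
        self.out = {}                       # real -> mapped
        self.back = {}                      # mapped -> real

    def outbound(self, real_ip, real_port):
        """A translated host opens a session: reuse or create its translation."""
        key = (real_ip, real_port) if self.pat else real_ip
        if key not in self.out:
            if self.pat:
                mapped = (self.mapped_ip, next(self.ports))
            elif self.free:
                mapped = self.free.pop(0)
            else:
                return None                 # pool exhausted: no translation available
            self.out[key] = mapped
            self.back[mapped] = key
        mapped = self.out[key]
        return mapped if self.pat else (mapped, real_port)

    def inbound(self, mapped_ip, mapped_port):
        """Traffic from outside passes only if a translation already exists."""
        real = self.back.get((mapped_ip, mapped_port) if self.pat else mapped_ip)
        if real is None or self.pat:
            return real                     # None: no xlate, outside cannot start one
        return (real, mapped_port)

    def clear_xlate(self):
        """Model of 'clear xlate': drop every translation and the sessions using them."""
        dropped = len(self.out)
        if not self.pat:
            self.free.extend(self.out.values())  # pool addresses become free again
        self.out.clear()
        self.back.clear()
        return dropped


if __name__ == "__main__":
    pat = XlateTable(["209.165.201.1"], pat=True)   # addresses from Figure 16-21
    for host in [("10.1.1.1", 1025), ("10.1.1.1", 1026), ("10.1.1.2", 1025)]:
        print(host, "->", pat.outbound(*host))
```

With a two-address pool, a third inside host gets no translation until an address is freed, whereas PAT keeps handing out ports on the one mapped address.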