CISCO Configuring Dynamic Network Address Translation (NAT)

Network Address Translation (NAT) takes traffic arriving on one interface, rewrites its IP address to another IP address, and forwards it out a different interface. It is primarily used for security and privacy: hosts on the far side see only the translated address, not the original one.

Lab Setup

IP Schema

First, we need to decide on an IP addressing scheme. For this example, we will use /24 subnets on addresses and The host machines will be allocated the first usable address in these subnets, and the interfaces on the router will receive the last usable address.

IP Configuration

Initially, we will configure the IP addresses for the client machines:

[Screenshots: PC1 and PC2 IP configuration]

Next, we will configure the router interfaces:

[Screenshots: router interface configuration (gi00, gi01)]

A quick ping check between the client machines, PC1 and PC2, displays the traffic. Note the IP addresses at this stage (no address translation is taking place):

[Screenshots: ping between PC1 and PC2 without NAT, and the Wireshark capture]

To clarify which line we are examining, it is highlighted in red:


Configuring Dynamic NAT

Dynamic NAT translates using a POOL of available IP addresses in one subnet, whereas static NAT translates one defined IP address to another defined IP address. Refer to our other guide for configuring static NAT.

Firstly, we configure our NAT zones. We need to inform the router about each interface:

[Screenshots: NAT inside and NAT outside interface configuration]

As we are configuring dynamic NAT, we need to create a POOL of free addresses in the subnet for translating traffic. The first address used in translation should be


Next, we create an Access Control List (ACL) to help the router identify the traffic we want to NAT:


The final step is to turn NAT on by tying the ACL to the POOL named 'SR':


Let's verify by checking the IP addresses using Wireshark. Ideally, we shouldn't see any 192.168.10.x addresses:

[Screenshots: ping with NAT enabled, and the Wireshark capture]

Our address translation is successful. The router's translation can be viewed as follows:
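The whole procedure above as one Cisco IOS configuration, added here as an example and not taken from the original page's screenshots. Assumptions: GigabitEthernet0/0 is the inside interface and GigabitEthernet0/1 the outside one, the outside subnet is 192.168.20.0/24, the pool range is .10 to .20, and the ACL number is 1; only the 192.168.10.x inside network and the pool name SR come from the page.

```ios
! Added example. Assumed values: interface roles, outside subnet
! 192.168.20.0/24, pool range .10-.20, ACL number 1.
configure terminal
!
! Inside interface: last usable address of the inside /24.
interface GigabitEthernet0/0
 description INSIDE (assumed role)
 ip address 192.168.10.254 255.255.255.0
 ip nat inside
 no shutdown
!
! Outside interface: last usable address of the assumed outside /24.
interface GigabitEthernet0/1
 description OUTSIDE (assumed role)
 ip address 192.168.20.254 255.255.255.0
 ip nat outside
 no shutdown
!
! Pool of free outside addresses. Keep the range clear of addresses
! already assigned in that subnet (here the host at .1 and the router
! at .254), otherwise translated traffic collides with real hosts.
ip nat pool SR 192.168.20.10 192.168.20.20 netmask 255.255.255.0
!
! Match only the inside subnet that should be translated. A broad
! "permit any" would translate every source that reaches the inside
! interface, including ones that were never meant to leave.
access-list 1 permit 192.168.10.0 0.0.0.255
!
! Turn NAT on: sources matching ACL 1 are translated from pool SR.
! Without the "overload" keyword each inside host holds one pool
! address until its translation times out, so an 11-address pool
! serves at most 11 inside hosts at a time.
ip nat inside source list 1 pool SR
end
!
! Verification: active inside-local to inside-global mappings,
! then hit/miss counters and how much of the pool is allocated.
show ip nat translations
show ip nat statistics
```

If `show ip nat statistics` reports misses rising while no new translations appear, check whether the pool is fully allocated before suspecting the ACL.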


