Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
723
Views
0
Helpful
1
Replies

dynamic vs static policy nat

mjsully
Level 1
Level 1

‎11-16-2008 07:50 AM - edited ‎03-11-2019 07:13 AM

I'm a little confused as to what the difference would be in using each of these NAT options in the following scenario:

Say inside host 10.10.10.10 needed to be translated to an ip of 172.16.10.10 when the destination address is 192.168.10.10.

I should be able to accomplish this with either of the following:

policy dynamic NAT:

access-list policy_nat permit ip host 10.10.10.10 host 192.168.10.10

nat (inside) 1 access-list policy_nat

global (outside) 1 172.16.10.10

or:

static policy NAT

access-list static_nat permit ip host 10.10.10.10 host 192.168.10.10

static (inside,outside) 172.16.10.10 access-list static_nat

If both of those NAT options translate the source ip address based on a conditional destination address, what is the difference between the two?

Labels:
0 Helpful
1 Reply 1

chaitu_kranthi
Level 1
Level 1

‎11-16-2008 10:57 AM

Hi,

Static NAT is a one-to-one mapping,

e.g an inside local address of 192.168.1.1 can translate to an outside local address.

Dynamic is when you have a pool of available address to use as an outside local address,

and internal clients simply use the first available address. Ideal when each client needs it's own internet presence

but you want to share them out (useful when not all clients are online at the same time).

Usefull Link:

http://www.cisco.com/en/US/docs/security/asdm/6_1/user/guide/nat.pdf

Rate me if it helps.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card