cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
721
Views
0
Helpful
1
Replies

dynamic vs static policy nat

mjsully
Level 1
Level 1

I'm a little confused as to what the difference would be in using each of these NAT options in the following scenario:

Say inside host 10.10.10.10 needed to be translated to an ip of 172.16.10.10 when the destination address is 192.168.10.10.

I should be able to accomplish this with either of the following:

policy dynamic NAT:

access-list policy_nat permit ip host 10.10.10.10 host 192.168.10.10

nat (inside) 1 access-list policy_nat

global (outside) 1 172.16.10.10

or:

static policy NAT

access-list static_nat permit ip host 10.10.10.10 host 192.168.10.10

static (inside,outside) 172.16.10.10 access-list static_nat

If both of those NAT options translate the source ip address based on a conditional destination address, what is the difference between the two?

1 Reply 1

chaitu_kranthi
Level 1
Level 1

Hi,

Static NAT is a one-to-one mapping,

e.g an inside local address of 192.168.1.1 can translate to an outside local address.

Dynamic is when you have a pool of available address to use as an outside local address,

and internal clients simply use the first available address. Ideal when each client needs it's own internet presence

but you want to share them out (useful when not all clients are online at the same time).

Usefull Link:

http://www.cisco.com/en/US/docs/security/asdm/6_1/user/guide/nat.pdf

Rate me if it helps.

Review Cisco Networking for a $25 gift card