Table of Contents
Advertisement
Next, define the interfaces to be NAT inside or outside:
nat set interface 10-net inside
nat set interface 192-net outside
Then, define the NAT dynamic rules by first creating the source ACL pool and then
configuring the dynamic bindings:
acl lcl permit ip 10.1.1.0/24
nat create dynamic local-acl-pool lcl global-pool 192.50.20.0/24
Using Dynamic NAT
Dynamic NAT can be used when the local network (inside network) is going to initialize
the connections. It creates a binding at run time when a packet is sent from a local
network, as defined by the NAT dynamic local ACl pool. The network administrator does
not have to worry about the way in which the bindings are created; the network
administrator just sets the pools and the IA automatically chooses a free global IP from the
global pool for the local IP address.
Dynamic bindings are removed when the flow count for that binding goes to zero or the
timeout has been reached. The free global IP addresses are used again for the next packet.
A typical problem is that if there are more local IP addresses as compared to global IP
addresses in the pools, then packets will be dropped if all the globals are used. A solution
to this problem is to use PAT with NAT dynamic. This is only possible with TCP or UDP
protocols.
Internet Appliance User Reference Manual
Chapter 11: Network Address Translation Configuration Guide
191
Advertisement
Table of Contents
