Dynamic NAT vs Static NAT


Static and Dynamic NAT

Both static and dynamic NAT require that enough public addresses are available to satisfy the total number of simultaneous user sessions.

Static NAT

Static NAT, also called inbound mapping, is the process of mapping an unregistered IP address to a registered IP address on a one-to-one basis. The unregistered (mapped) IP address is assigned the same registered IP address each time a request comes through. This is particularly useful for web servers or other hosts that must have a consistent address that is accessible from the Internet.



Simply put, static NAT enables a PC on a stub domain to maintain an assigned IP address when communicating with other devices outside its network or on the Internet.

Static NAT configuration commands example:

R1#config t

R1(config)#ip nat inside source static 10.10.10.2 212.165.200.123

R1(config)#interface fa0/0

R1(config-if)#ip address 10.10.10.1 255.255.255.0

R1(config-if)#ip nat inside

R1(config-if)#interface se0/0

R1(config-if)#ip address 192.168.1.1 255.255.255.0

R1(config-if)#ip nat outside

The above configuration creates a permanent entry in the NAT table as long as the configuration is present and enables both inside and outside hosts to initiate a connection.

All you need to do in static NAT configuration is to define the addresses to translate and then configure NAT on the right interfaces. Packets arriving on an inside interface from the identified IP addresses are subject to translation. Packets arriving on an outside interface addressed to the identified IP address are subject to translation.


Dynamic NAT

Unlike static NAT, which provides a permanent mapping between an internal address and a specific public address, dynamic NAT maps private IP addresses to public addresses. Dynamic NAT uses a pool of public addresses and assigns them on a first-come, first-served basis.

When a host with a private IP address requests access to the Internet, dynamic NAT chooses an IP address from the pool that is not already in use by another host. Dynamic NAT is useful when fewer addresses are available than the actual number of hosts to be translated.


Dynamic NAT configuration commands example:

R1#config t

R1(config)#ip nat pool nat-pool1 179.9.8.80 179.9.8.95 netmask 255.255.255.0

R1(config)#ip nat inside source list 1 pool nat-pool1

R1(config)#interface fa0/0

R1(config-if)#ip address 10.10.10.1 255.255.255.0

R1(config-if)#ip nat inside

R1(config-if)#interface se0/0

R1(config-if)#ip address 192.168.1.1 255.255.255.0

R1(config-if)#ip nat outside

R1(config-if)#exit

R1(config)#access-list 1 permit 10.10.10.0 0.0.0.255

While static NAT provides a permanent mapping between an internal address and a specific public address, dynamic NAT maps private IP addresses to public addresses. These public IP addresses come from a NAT pool.

Note:

When configuring dynamic NAT, you need an ACL to permit only those addresses that are to be translated. Remember that there is an implicit “deny all” at the end of each ACL.
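
To see how the two configurations above behave side by side, the following added example (not part of the original post and not Cisco code) models R1's NAT table in Python. It assumes both configurations are loaded on one router; the class and function names are hypothetical, and the host 10.10.20.5 and the run of 17 inside hosts are constructed test inputs.

```python
import ipaddress

ip = ipaddress.ip_address

class NatRouter:
    """Toy model of R1's NAT table (constructed for illustration, not Cisco code)."""

    def __init__(self, static_map, pool_first, pool_last, acl_net, acl_wildcard):
        self.static = {ip(i): ip(o) for i, o in static_map.items()}  # permanent entries
        self.free = [ip(n) for n in range(int(ip(pool_first)), int(ip(pool_last)) + 1)]
        self.care = ~int(ip(acl_wildcard)) & 0xFFFFFFFF  # wildcard 0-bits must match
        self.acl_net = int(ip(acl_net)) & self.care
        self.dynamic = {}                                # entries created on demand

    def acl_permits(self, inside):
        # One permit line; anything that does not match hits the implicit deny.
        return (int(inside) & self.care) == self.acl_net

    def outbound(self, inside_ip):
        """Return the public source address, or None if the packet is not translated."""
        inside = ip(inside_ip)
        if inside in self.static:
            return self.static[inside]
        if inside in self.dynamic:
            return self.dynamic[inside]
        if not self.acl_permits(inside) or not self.free:
            return None                                  # ACL deny or pool exhausted
        self.dynamic[inside] = self.free.pop(0)          # first come, first served
        return self.dynamic[inside]

    def inbound(self, public_ip):
        """Return the inside host a public destination maps to, or None."""
        for table in (self.static, self.dynamic):
            for inside, public in table.items():
                if public == ip(public_ip):
                    return inside
        return None

def demo():
    r1 = NatRouter({"10.10.10.2": "212.165.200.123"},
                   "179.9.8.80", "179.9.8.95", "10.10.10.0", "0.0.0.255")
    static_in = r1.inbound("212.165.200.123")   # reachable with no prior traffic
    pool_in = r1.inbound("179.9.8.80")          # no dynamic entry exists yet
    denied = r1.outbound("10.10.20.5")          # constructed host outside ACL 1
    leases = [r1.outbound(f"10.10.10.{n}") for n in range(3, 20)]  # 17 hosts, 16 addresses
    return static_in, pool_in, denied, leases

if __name__ == "__main__":
    print(demo())
```

The static entry answers inbound traffic before any inside host has sent a packet, which is why a statically mapped server should be treated as Internet-exposed. The seventeenth inside host gets no translation because the pool of 16 addresses is already in use.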

