dynamic vs static policy nat

Unanswered Question
Nov 16th, 2008

I'm a little confused as to what the difference would be in using each of these NAT options in the following scenario:

Say inside host needed to be translated to an ip of when the destination address is

I should be able to accomplish this with either of the following:

policy dynamic NAT:

access-list policy_nat permit ip host host

nat (inside) 1 access-list policy_nat

global (outside) 1


static policy NAT

access-list static_nat permit ip host host

static (inside,outside) access-list static_nat

If both of those NAT options translate the source ip address based on a conditional destination address, what is the difference between the two?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
chaitu_kranthi Sun, 11/16/2008 - 10:57


Static NAT is a one-to-one mapping,

e.g an inside local address of can translate to an outside local address.

Dynamic is when you have a pool of available address to use as an outside local address,

and internal clients simply use the first available address. Ideal when each client needs it's own internet presence

but you want to share them out (useful when not all clients are online at the same time).

Usefull Link:


Rate me if it helps.


This Discussion