Cisco Support Community
Community Member

dynamic vs static policy nat

I'm a little confused as to what the difference would be in using each of these NAT options in the following scenario:

Say inside host 10.10.10.10 needed to be translated to an IP of 172.16.10.10 when the destination address is 192.168.10.10.

I should be able to accomplish this with either of the following:

policy dynamic NAT:

access-list policy_nat permit ip host 10.10.10.10 host 192.168.10.10

nat (inside) 1 access-list policy_nat

global (outside) 1 172.16.10.10

or:

static policy NAT

access-list static_nat permit ip host 10.10.10.10 host 192.168.10.10

static (inside,outside) 172.16.10.10 access-list static_nat

If both of those NAT options translate the source IP address based on a conditional destination address, what is the difference between the two?

1 REPLY
Community Member

Re: dynamic vs static policy nat

Hi,

Static NAT is a one-to-one mapping, e.g. an inside local address of 192.168.1.1 can translate to an outside local address.

Dynamic is when you have a pool of available addresses to use as an outside local address, and internal clients simply use the first available address. Ideal when each client needs its own internet presence but you want to share them out (useful when not all clients are online at the same time).

Useful Link:

http://www.cisco.com/en/US/docs/security/asdm/6_1/user/guide/nat.pdf

Rate me if it helps.
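
An added illustration, not part of the original posts and not ASA code: a simplified Python model of the two rule types, using the addresses from the question. The class names, the second inside host 10.10.10.11 and the single-address pool are assumptions made for the example. It shows the practical difference: the static mapping always exists, so the peer can initiate toward the mapped address, while the dynamic mapping exists only after an inside host has sent traffic and can run out of pool addresses.

```python
# Simplified model of the two rule types in the thread; not ASA code.
# The second client and the one-address pool are constructed for the example.

class StaticPolicyNat:
    """One real address <-> one mapped address, for one destination (peer)."""
    def __init__(self, real, mapped, peer):
        self.real, self.mapped, self.peer = real, mapped, peer

    def outbound(self, src, dst):
        # Translate only when the policy ACL (src, dst) matches.
        return self.mapped if (src, dst) == (self.real, self.peer) else src

    def inbound(self, src, dst):
        # The mapping is permanent, so the peer can initiate toward it.
        return self.real if (src, dst) == (self.peer, self.mapped) else None


class DynamicPolicyNat:
    """Matching sources borrow the first free address from a pool."""
    def __init__(self, sources, pool, peer):
        self.sources, self.pool, self.peer = set(sources), list(pool), peer
        self.xlate = {}  # real -> mapped, created on first outbound packet

    def outbound(self, src, dst):
        if src not in self.sources or dst != self.peer:
            return src  # rule does not apply, address left unchanged
        if src not in self.xlate:
            in_use = set(self.xlate.values())
            free = [a for a in self.pool if a not in in_use]
            if not free:
                return None  # pool exhausted, no translation can be built
            self.xlate[src] = free[0]
        return self.xlate[src]

    def inbound(self, src, dst):
        # Reachable only while an inside host has created the mapping.
        if src != self.peer:
            return None
        for real, mapped in self.xlate.items():
            if mapped == dst:
                return real
        return None

    def release(self, src):
        # Models the translation timing out; the address returns to the pool.
        self.xlate.pop(src, None)
```

In both cases the firewall's access rules still decide whether the inbound connection is permitted; the model covers address translation only.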
