Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

dynamic vs static policy nat

I'm a little confused as to what the difference would be in using each of these NAT options in the following scenario:

Say inside host needed to be translated to an ip of when the destination address is

I should be able to accomplish this with either of the following:

policy dynamic NAT:

access-list policy_nat permit ip host host

nat (inside) 1 access-list policy_nat

global (outside) 1


static policy NAT

access-list static_nat permit ip host host

static (inside,outside) access-list static_nat

If both of those NAT options translate the source ip address based on a conditional destination address, what is the difference between the two?

Community Member

Re: dynamic vs static policy nat


Static NAT is a one-to-one mapping,

e.g an inside local address of can translate to an outside local address.

Dynamic is when you have a pool of available address to use as an outside local address,

and internal clients simply use the first available address. Ideal when each client needs it's own internet presence

but you want to share them out (useful when not all clients are online at the same time).

Usefull Link:

Rate me if it helps.

CreatePlease to create content