The ip nat inside destination command translates the destination address of a packet going from the outside interface to the inside interface. This command is used to load balance among multiple servers on the inside network. The existence of multiple servers is hidden from the external world, which continues to use a single IP address to request the desired content. At the Network Address Translation (NAT) router, these requests are directed to one of the multiple inside servers specified in the NAT pool. This is done in a round-robin manner, distributing the load among the available servers.
The ip nat inside destination command can also be used to mask the actual IP address of a server on the inside network. This one-to-one translation is created by specifying a single address in the NAT pool. However, the translation created by this command is a dynamic translation. The ip nat inside destination command does not support the static keyword and cannot be used to build static mapping.
The ip nat inside source static command can be used to hide the actual address of the inside server by using a static translation, as shown in this command:
ip nat inside source static 10.10.10.1 172.16.10.1
This command hides the true address of the server, 10.10.10.1, on the inside network. The external world can access the server using the IP address 172.16.10.1. The NAT router translates the destination address of the incoming packet from 172.16.10.1 to the server's actual IP address of 10.10.10.1. This is a static translation.