Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NAT (Any inside local address space)

Is it possible for a NAT implementation to convert simultaneously ANY possible inside local address (multiple IP ranges, VLSM etc) to a single inside global address? Inside local can be routed or non routed ranges.

Thanks - Chris


Re: NAT (Any inside local address space)

The topic of this forum is General Security however there are a number of professionals online who may be able to assist you. We are always considering additional forums for such topics and I will make a note of your post.

If you don't get a suitable response to your post, you may wish to review our resources at the online Technical Assistance Center ( or speak with a TAC engineer. You can open a TAC case online at

If anyone else in the forum has some advice, please reply to this thread.

Thank you for posting.

Re: NAT (Any inside local address space)

i assume u r using a cisco router.

The solution u want is very much possible. The method used is called as NAT address overloading. The principle used is. You match an access-list with the inside local ip address ranges.. Then you create a nat pool with a single ip address ( the public inside global address) and give a keyword "overload" to the pool. and associate the pool with this access-list.

Now when NAT takes place... u r internal ip addresses will be translated to the same inside global ip address..the router distinguishes different connections by changing the ports..(TCP or UDP ports)..

with regards,


New Member

Re: NAT (Any inside local address space)

Thanks Shanky - but what I really want is the access list to be created dynamically based upon source IP. I don't want to have to do any work!

- Chris

New Member

Re: NAT (Any inside local address space)

The other post was correct. you do not need to do any work other than defining the inside and outside NAT interfaces, setting up the pool address with overload. this is dynamic.

an acl is not needed unless you want to emulate a proxy server and need to deny/permit

certain address ranges to be NATted. to do this, you will need to create a route map and define

it into the NAT address pool.

CreatePlease login to create content