Dynamic nat with ip overload (pat) configuration – Cabletron Systems SmartSwitch User Manual

SmartSwitch Router User Reference Manual

229

Chapter 14: Network Address Translation Configuration Guide

Dynamic bindings are removed when the flow count for that binding goes to zero or the
timeout has been reached. The free globals are used again for the next packet.

A typical problem is that if there are more local IP addresses as compared to global IP
addresses in the pools, then packets will be dropped if all the globals are used. A solution
to this problem is to use PAT with NAT dynamic. This is only possible with TCP or UDP
protocols.

Dynamic NAT with IP Overload (PAT) Configuration

The following example configures a dynamic address binding for inside addresses
10.1.1.0/24 to outside address 192.50.20.0/24:

The first step is to create the interfaces:

Next, define the interfaces to be NAT “inside” or “outside”:

Then, define the NAT dynamic rules by first creating the source ACL pool and then
configuring the dynamic bindings:

et.2.2

(192.50.20.1/24)

et.2.1

(10.1.1.1/24)

Global Internet

IP network 10.1.1.0/24

Router

interface 10-net

interface 192-net

10.1.1.4

10.1.1.2

10.1.1.3

Outbound: Translate source pool 10.1.1.0/24 to global pool 192.50.20.1-192.50.20.3

interface create ip 10-net address-netmask 10.1.1.1/24 port et.2.1
interface create ip 192-net address-netmask 192.50.20.1/24 port et.2.2

nat set interface 10-net inside
nat set interface 192-net outside

acl lcl permit ip 10.1.1.0/24
nat create dynamic local-acl-pool lcl global-pool 192.50.20.1-192.50.20.3