NAPT Dynamic Inside Address Translation

The figure Basic NAPT Dynamic Inside Address Translation shows an example of a basic dynamic NAPT address translation. NAPT address translation is supported only for IPv4 addressing. The example shows a single network client, Client1. The access-list assigned to this dynamic translation must permit the Client1 IP address. A NAT pool can be configured with a single IP address as its range of publicly available IP addresses, and the pool is assigned to the source list. A single public IP address is sufficient even when multiple clients are configured, because NAPT uses the available L4 port range of that IP address when assigning addresses for dynamic translation. Because this is a NAPT dynamic translation, the overload option must be assigned when configuring the source list.

Client1 sends a TCP packet (source port 35000) to Server1 port 80 via the NAT router. The packet arrives on a VLAN configured as NAT inside, and Server1 is reachable through a VLAN configured as NAT outside.

An access-list matching Client1's source IP address is assigned to a NAT source list. A dynamic binding is created and a global IP address is assigned to the binding. Because the source list is overloaded, the NAT pool is checked to see whether Client1's original source port (35000) is already in use for the global NAT pool address. If this port is already in use by some other binding, a new source port is chosen and assigned to the binding. In this example we assume that 35000 is already in use and that the NAT pool assigned source port 80.

The packet is sent to Server1 with the destination IP address and TCP port unchanged, the source IP address changed to the global NAT pool address, and the TCP source port changed to 80.

When Server1 responds to Client1, its packet arrives at the NAT router with Client1's translated address (global NAT pool address port 80) as the destination address, but leaves the NAT router with Client1's actual address (Client1 IP address port 35000) as the destination address. Server1's response is delivered to Client1 IP address port 35000.
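The walk-through above can be modelled as a small binding table. This Python sketch is an added example, not vendor code or device configuration; it shows the ACL check, port reuse or reassignment on the single pool address, reverse translation of the reply, and the drop of inbound packets that match no binding. The class and function names, all IP addresses, and the search order for a replacement port (starting at 80 so that the result matches the example) are assumptions; filtering by remote endpoint is not modelled.

```python
import ipaddress

class Napt:
    """Toy model of an overloaded (NAPT) inside source translation table."""

    def __init__(self, acl, pool_ip, ports):
        self.acl = [ipaddress.ip_network(n) for n in acl]  # permitted inside sources
        self.pool_ip = pool_ip        # single global address in the NAT pool
        self.ports = list(ports)      # assumed search order for replacement ports
        self.out = {}                 # (proto, inside_ip, inside_port) -> global port
        self.back = {}                # (proto, global_port) -> (inside_ip, inside_port)

    def outbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Translate an inside->outside packet; returns the packet as sent outside."""
        if not any(ipaddress.ip_address(src_ip) in n for n in self.acl):
            return None               # not permitted by the source list ACL: no binding
        key = (proto, src_ip, src_port)
        if key not in self.out:
            gport = src_port          # keep the original port when it is free
            if (proto, gport) in self.back:
                gport = next((p for p in self.ports if (proto, p) not in self.back), None)
                if gport is None:
                    return None       # L4 port range of the pool address is exhausted
            self.out[key] = gport
            self.back[(proto, gport)] = (src_ip, src_port)
        return (self.pool_ip, self.out[key], dst_ip, dst_port)

    def inbound(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Translate an outside->inside reply; None means no binding, so drop."""
        if dst_ip != self.pool_ip or (proto, dst_port) not in self.back:
            return None
        in_ip, in_port = self.back[(proto, dst_port)]
        return (src_ip, src_port, in_ip, in_port)


def walkthrough():
    # Constructed addresses (documentation ranges); none of these are on the page.
    nat = Napt(acl=["10.1.1.0/24"], pool_ip="192.0.2.1", ports=range(80, 65536))
    # Another inside host already holds global port 35000, as the page assumes.
    first = nat.outbound("tcp", "10.1.1.20", 35000, "198.51.100.10", 80)
    # Client1 sends from source port 35000 to Server1 port 80.
    sent = nat.outbound("tcp", "10.1.1.10", 35000, "198.51.100.10", 80)
    reply = nat.inbound("tcp", "198.51.100.10", 80, "192.0.2.1", 80)
    stray = nat.inbound("tcp", "198.51.100.10", 80, "192.0.2.1", 4444)
    denied = nat.outbound("tcp", "10.9.9.9", 35000, "198.51.100.10", 80)
    return first, sent, reply, stray, denied
```

Calling walkthrough() returns, in order, the other host's packet, Client1's translated packet, the reply as delivered to Client1, and None for both the unsolicited inbound packet and the source that the access-list does not permit.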

Figure: Basic NAPT Dynamic Inside Address Translation