NAT Dynamic Configuration Example

This example steps you through a NAT Dynamic Configuration for:

See IPv4 NAT Dynamic Configuration Example for a presentation of the IPv4 dynamic NAT and NAPT example setup. See IPv6 NAT Dynamic Configuration Example for a presentation of the IPv6 dynamic NAT and fullcone NAT example setup.

The dynamic NAT configuration example configures two IPv4 and two IPv6 clients. Client Configuration Table provides configuration details for each client. In all cases, the packet flow destination is Server1 IPv4 address 200.1.1.50 or IPv6 4000:1:2::5.

Click to expand in new window

Client Configuration Table

Client Description
Client1 An IPv4 basic dynamic configuration (IPv4 NAT Dynamic Configuration Example).
  • IPv4 standard access list clientIPv4_acl permits Client1‘s local IP address 10.1.1.1.
  • The IPv4 NAT pool natIPv4_pool allows an address range of 200.1.1.1 through 200.1.1.10 to be used as the global IPv4 address pool. IPv4 external address 200.1.1.1 is used.
  • VLAN 10 is enabled as a NAT inside interface. VLAN 100 is enabled as a NAT outside interface.
Client2 An IPv6 basic dynamic configuration (IPv6 NAT Dynamic Configuration Example).
  • IPv6 standard access list clientIPv6_acl permits Client2‘s local IP address 1000::20.
  • The natIPv6_pool1 allows an address range of 4000:1:1:1::/112 count 100 to be used as the global IPv6 address pool. IPv6 address 4000:1:1:1::10 is used.
  • VLAN 10 is enabled as a NAT inside interface. VLAN 100 is enabled as the NAT outside interface.
Client3 An IPv6 basic dynamic fullcone configuration (IPv6 NAT Dynamic Configuration Example).
  • IPv6 standard access list clientIPv6_acl permits Client3‘s local IP address 1000::30.
  • The natIPv6_pool2 allows an address range of 4000:2:2:2::/112 count 100 to be used as the global IPv6 address pool. IPv6 address 4000:2:2:2::20 is used.
  • VLAN 20 is enabled as a NAT inside interface. VLAN 200 is enabled as the NAT outside interface.
  • Fullcone NAT is configured and cone_acl is assigned to the configuration. The extended access list cone_acl permits TCP packets for Xbox LIVE related ports 160 through 168 sourced from 1000::/48 and destined to 4000:1:2::/48. If the Client3 sourced packet passes the cone_acl entry, a fullcone NAT binding will be applied and any server that knows the 4000:2:2:2::20 global address can initiate communications with Client3
Client4 An IPv4 NAPT dynamic configuration (IPv4 NAT Dynamic Configuration Example).
  • IPv4 standard access list clientIPv4_acl permits Client1‘s local IP address 10.1.1.4.
  • The IPv4 NAPT pool naptIPv4_pool has a single entry address of 200.1.1.20 to be used as the NAPT global IPv4 address. For this example, the source address port is 125. In the example, source port 125 is already in use. Port 80 is used instead. IPv4 external address 200.1.1.20:80 is used.
  • VLAN 20 is enabled as a NAT inside interface. VLAN 200 is enabled as a NAT outside interface.
Click to expand in new window
IPv4 NAT Dynamic Configuration Example
Graphics/NATDynamicIPv4ConfigExp1.png
Click to expand in new window
IPv6 NAT Dynamic Configuration Example
Graphics/NATDynamicIPv6ConfigExp1.png