Home --> Cisco Tips --> Dynamic NAT Configuration

Most cable modem and DSL routers offer the ability to share the single broadband connection to multiple computers on a home network.  Sharing a single internet connection and IP address is made possible by a technology called Network Address Translation (NAT), more specifically Dynamic NAT.  Simple home routers hide the complexities of NAT from the user, while Cisco devices reveal the inner workings and provide more granular control of the features.

Internet addresses are 32 bits long, allowing a possible 4.2 billion unique addresses.  If each person on earth required one IP address, the available addresses would be quickly exhausted.  One solution is the use of "private" IP addresses--address blocks that will never routed on the internet.  RFC 1918 establishes three private IP blocks:

        10.0.0.0 - 10.255.255.255
        172.16.0.0 - 172.31.255.255
        192.168.0.0 - 192.168.0.255

Because these addresses will never conflict with a public internet address, they can be used to provide a nearly endless supply of addresses for a private network.  A NAT router sits on the border between the private network and the public internet.  It basically relays network traffic on behalf of the private network hosts.  The following section examines how dynamic NAT is configured on Cisco IOS devices.

Configuration steps:

        1) Define the outside interface
        2) Define the inside interface(s)
        3) Define the inside address range
        4) Turn on NAT

Sample config:

interface ethernet0
        desc To Cable Modem
        ip address dhcp
        ip nat outside        <---- Defines outside interface
interface ethernet1
        desc Home LAN
        ip address 10.0.0.1
        ip nat inside          <---- Defines inside interface
access-list 100 permit ip 10.0.0.0 0.0.0.255 any     <---- Allow any host in 10.0.0.0/8 to access the outside
ip nat inside source list 100 interface ethernet0 overload