Specifications
14-22
Cisco Security Appliance Command Line Configuration Guide
OL-6721-01
Chapter 14 Applying NAT
Using Dynamic NAT and PAT
Configuring Dynamic NAT or PAT
This section describes how to configure dynamic NAT or dynamic PAT. The configuration for dynamic
NAT and PAT are almost identical; for NAT you specify a range of mapped addresses, and for PAT you
specify a single address.
Figure 14-19 shows a typical dynamic NAT scenario. Only translated hosts can create a NAT session,
and responding traffic is allowed back. The mapped address is dynamically assigned from a pool defined
by the global command.
Figure 14-19 Dynamic NAT
Figure 14-20 shows a typical dynamic PAT scenario. Only translated hosts can create a NAT session, and
responding traffic is allowed back. The mapped address defined by the global command is the same for
each translation, but the port is dynamically assigned.
Figure 14-20 Dynamic PAT
For more information about dynamic NAT, see the “Dynamic NAT” section on page 14-5. For more
information about PAT, see the “PAT” section on page 14-6.
Note If you change the NAT configuration, and you do not want to wait for existing translations to time out
before the new NAT information is used, you can clear the translation table using the clear xlate
command. However, clearing the translation table disconnects all current connections that use
translations.
10.1.1.1 209.165.201.1
Inside Outside
10.1.1.2 209.165.201.2
130032
Security
Appliance
10.1.1.1:1025 209.165.201.1:2020
Inside Outside
10.1.1.1:1026 209.165.201.1:2021
10.1.1.2:1025 209.165.201.1:2022
130034
Security
Appliance