Figure 1 shows the steps and the commands used to configure dynamic NAT.

Step 1. Define the pool of addresses that will be used for translation using the ip nat pool command. This pool of addresses is typically a group of public addresses. The addresses are defined by indicating the starting IP address and the ending IP address of the pool. The netmask or prefix-length keyword indicates which address bits belong to the network and which bits belong to the host for the range of addresses.

Step 2. Configure a standard ACL to identify (permit) only those addresses that are to be translated. An ACL that is too permissive can lead to unpredictable results. Remember that there is an implicit deny all statement at the end of each ACL.

Step 3. Bind the ACL to the pool. The ip nat inside source list access-list-number pool pool-name command is used to bind the ACL to the pool. The router uses this configuration to identify which devices (list) receive which addresses (pool).

Step 4. Identify which interfaces are inside, in relation to NAT; that is, any interface that connects to the inside network.

Step 5. Identify which interfaces are outside, in relation to NAT; that is, any interface that connects to the outside network.

Figure 2 shows an example topology and configuration. This configuration allows translation for all hosts on the 192.168.0.0/16 network, which includes the 192.168.10.0 and 192.168.11.0 LANs, when they generate traffic that enters S0/0/0 and exits S0/1/0. These hosts are translated to an available address in the pool in the range 209.165.200.226 - 209.165.200.240.
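
The five steps applied to the addresses and interfaces described above, as an added example (it is not the configuration from the original Figure 2). The pool name NAT-POOL1, the ACL number 1 and the 255.255.255.224 netmask are assumptions; the page gives only the pool range, the inside network and the two interfaces.

```cisco
! Added example for R2. NAT-POOL1, ACL number 1 and the netmask are assumed values.

! Step 1: define the pool of public addresses (start address, end address, netmask).
ip nat pool NAT-POOL1 209.165.200.226 209.165.200.240 netmask 255.255.255.224

! Step 2: standard ACL that permits only the addresses to be translated.
! The wildcard 0.0.255.255 matches 192.168.0.0/16, which covers both
! the 192.168.10.0 and 192.168.11.0 LANs. Every other source falls
! through to the implicit deny and is not translated.
! Too permissive, avoid: access-list 1 permit any
access-list 1 permit 192.168.0.0 0.0.255.255

! Step 3: bind the ACL (list) to the pool.
ip nat inside source list 1 pool NAT-POOL1

! Step 4: interface that connects to the inside network.
interface Serial0/0/0
 ip nat inside

! Step 5: interface that connects to the outside network.
interface Serial0/1/0
 ip nat outside
```

After applying it, show ip nat translations and show ip nat statistics on the router confirm which inside addresses are being translated and how much of the pool is in use.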

Figure 3 shows the topology used for the Syntax Checker configuration. Use the Syntax Checker in Figure 4 to configure dynamic NAT on R2.