Chapter 14: Network Address Translation Configuration Guide
SmartSwitch Router User Reference Manual

Using Dynamic NAT with IP Overload

Dynamic NAT with IP overload can be used when the local network (inside network) will be initializing the connections using TCP or UDP protocols. It creates a binding at run time when the packet comes from a local network defined in the NAT dynamic local ACL pool. The difference between the dynamic NAT and dynamic NAT with PAT is that PAT uses port (layer 4) information to do the translation. Hence, each global IP has about 4000 ports that can be translated. NAT on the SSR uses the standard BSD range of ports from 1024-4999 which is fixed and cannot be configured by the user. The network administrator does not have to worry about the way in which the bindings are created; he/she just sets the pools and the SSR automatically chooses a free global IP from the global pool for the local IP.

Dynamic bindings are removed when the flow count goes to zero or the timeout has been reached. The removal of bindings frees the port for that global and the port is available for reuse. When all the ports for that global are used, then ports are assigned from the next free global. If no more ports and globals are available, the packets will be dropped.

Dynamic NAT with Outside Interface Redundancy

The following example configures a dynamic address binding for inside addresses 10.1.1.0/24 to outside addresses 192.50.20.0/24 on interface 192-net and to outside addresses 201.50.20.0/24 on interface 201-net:

[Figure: Router with inside interface 10-net (10.1.1.1/24, port et.2.1) serving IP network 10.1.1.0/24 (hosts 10.1.1.2, 10.1.1.3, 10.1.1.4) and outside interfaces 192-net and 201-net (ports et.2.2 and et.2.3) toward the global Internet. Outbound: translate source pool 10.1.1.0/24 to global pool 192.50.20.0/24 on interface 192-net, and translate source pool 10.1.1.0/24 to global pool 201.50.20.0/24 on interface 201-net.]

The first step is to create the interfaces:

interface create ip 10-net address-netmask 10.1.1.1/24 port et.2.1
interface create ip 192-net address-netmask 192.50.20.0/24 port et.2.2
interface create ip 201-net address-netmask 201.50.20.0/24 port et.2.3
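
The binding lifecycle described under "Using Dynamic NAT with IP Overload" (port range 1024-4999 per global, spill-over to the next free global, drop on exhaustion, release on zero flow count or timeout) can be modelled in a few lines for capacity planning. This is an added Python sketch, not SSR code or its actual algorithm; the class name, the lowest-port-first order, the use of host addresses only, and the timeout value are assumptions.

```python
import ipaddress

PORT_LO, PORT_HI = 1024, 4999   # fixed range stated in the manual

class OverloadNat:
    """Toy model of dynamic NAT with IP overload; not the SSR's implementation."""

    def __init__(self, local_net, global_pool, timeout=300):  # timeout is assumed
        self.local_net = ipaddress.ip_network(local_net)
        hosts = [str(h) for h in ipaddress.ip_network(global_pool).hosts()]
        # Per-global stack of free ports; pop() hands out 1024 first.
        self.free = {g: list(range(PORT_HI, PORT_LO - 1, -1)) for g in hosts}
        self.timeout = timeout
        # (local_ip, local_port) -> [global_ip, global_port, flows, last_seen]
        self.bindings = {}

    def capacity(self):
        return len(self.free) * (PORT_HI - PORT_LO + 1)

    def _release(self, key):
        g_ip, g_port, _, _ = self.bindings.pop(key)
        self.free[g_ip].append(g_port)           # port is available for reuse

    def expire(self, now):
        stale = [k for k, b in self.bindings.items() if now - b[3] >= self.timeout]
        for key in stale:
            self._release(key)

    def translate(self, local_ip, local_port, now=0):
        """Return (global_ip, global_port), or None if no binding is made."""
        if ipaddress.ip_address(local_ip) not in self.local_net:
            return None                          # source not in the local pool
        self.expire(now)
        key = (local_ip, local_port)
        if key not in self.bindings:
            g_ip = next((g for g, ports in self.free.items() if ports), None)
            if g_ip is None:
                return None                      # no ports or globals left: drop
            self.bindings[key] = [g_ip, self.free[g_ip].pop(), 0, now]
        b = self.bindings[key]
        b[2] += 1                                # one more flow on this binding
        b[3] = now
        return b[0], b[1]

    def close_flow(self, local_ip, local_port):
        b = self.bindings.get((local_ip, local_port))
        if b is not None:
            b[2] -= 1
            if b[2] == 0:                        # flow count reached zero
                self._release((local_ip, local_port))
```

With this model, `capacity()` gives the number of simultaneous bindings a pool supports (3976 per global address), which is the figure to compare against expected concurrent outbound connections before packets start being dropped.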