Masquerade NAT is a special application of source NAT. It is typically used when the Internet-facing interface has a dynamic IP address provided by a mechanism such as DHCP. In these cases, configuring a static translation address is not appropriate as the address assigned to the interface can change. Specifying masquerade as the translation address instructs the system to use the IP address currently assigned to the outbound interface as the translation address.
Masquerade NAT rules typically consist of match conditions that contain the following characteristics:
- The source network (usually the private IP network assigned to LAN devices)
- The outbound interface (the Internet-facing interface that is assigned the dynamic IP address)
The following figure shows an example of masquerade NAT.
To configure NAT in this way, perform the following steps in configuration mode.
Create SNAT rule 10.
Apply this rule to packets coming from any host on the 10.0.0.0/24 network and egressing through the dp0p1p1 interface.
Use the IP address of the outbound interface as the outside address.
Commit the change.
Show the configuration.