
The `ip nat pool` command is a crucial tool in network configuration, allowing the definition of a range of [IP addresses](/ipv4) for [Network Address Translation (NAT)](/network-address-translation-nat) with a specified [subnet mask](/ipv4-subnet-mask). Here’s a breakdown of important aspects to understand:

1. **Basic Command Structure**: The command format `ip nat pool [name] [start-ip] [end-ip] netmask [subnet-mask]` defines a NAT pool. For example, `ip nat pool CISCO 9.9.9.0 9.9.9.3 netmask 255.255.255.252` sets up a pool from 9.9.9.0 to 9.9.9.3 using a 255.255.255.252 subnet mask.

2. **Subnet Awareness**: The NAT process inherently respects the subnet mask, ensuring that [network and broadcast addresses](/ipv4-network-and-broadcast-addresses) are not allocated to hosts within the range. This avoids allocation issues in network communication.

3. **Flexibility and Overlap**: The command is versatile and can handle non-standard configurations. For example, configuring `ip nat pool MYPOOL 192.168.1.1 192.168.1.254 netmask 255.255.255.128` gives NAT addresses across:
   - 192.168.1.1 to 192.168.1.126
   - 192.168.1.129 to 192.168.1.254
   It automatically excludes unusable network (192.168.1.128) and broadcast (192.168.1.127) addresses based on the subnet mask.

4. **Complex Configurations**: An extreme setup like `ip nat pool MYPOOL 192.168.0.0 192.168.7.255 netmask 255.255.255.240` results in distribution across 128 subnets, while still excluding inappropriate addresses for each subnet.

Overall, while excluding network and broadcast addresses manually might be cleaner for some configurations, the `ip nat pool` command will manage these exclusions automatically.

## Links

https://networklessons.com/cisco/ccie-routing-switching/how-to-configure-dynamic-nat-on-cisco-ios-router/

IP NAT Pool Command Subnet Mask Behavior

IANA

ICANN

ICMP - Mitigating Vulnerabilities

ICMP - Vulnerabilities

ICMP - response to a ping that is blocked by an ACL

ICMP DF-bit in Echo Request and Reply

ICMP Echo Request and Reply Size

ICMP codes and types

ICMP

IEEE

IETF

IGMP - Snooping Querier Election

IGMP - Snooping Querier

IGMP - access group

IGMP - fast leave

IGMP - filtering using ACLs

IGMP - ip igmp snooping querier command

IGMP - membership report

IGMP - using VLAN access maps to filter multicast traffic

IGMP Join vs PIM Join in Multicast Routing

IGMP Snooping internal interface

IGMP Type 0x11 for Membership Queries

IGMP default IOS configurations

IGMP last member query interval

IGMP membership query max response time

IGMP membership reports destination

IGMP report suppression

IGMP snooping inspects PIM hello packets

IGMP snooping prevents report suppression

IGMP snooping source IP address for messages

IGMP version 1 how hosts stop receiving multicast traffic

IGMP

IGMPv2 - leave group message mechanism

IGRP

IOS - Configuration Archive and Rollback

IOS - ROMMON reset command

IOS - Right To Use (RTU) License

IOS - What is ROMMON

IOS - ip http server

IOS - show license command

IOS - using ftp or tftp source-interface command

IOS configuration register

IOS install mode vs bundle mode

IOS key chain feature

IP - When is the TTL decremented in a router

IP Address Management (IPAM) Tools

IP Addressing on a Router

IP Fragmentation - effects on network traffic

IP Fragmentation Attack

IP Precedence Values 6 and 7 Reserved for Control Plane traffic

IP Prefix-List Exact Match Behavior

IP Route Profile

IP Routing table - process by which entries are matched

IP SLA - Responder Functionality

IP SLA - Route Flapping Problem

IP SLA Parameters

IP SLA tracking syntax

IP addressing on a Switch

IP routing table - 'L' and 'C' entries

IP routing table - candidate default route

IP routing table - default route

IP routing table - static route

IPSec - Authentication Header (AH)

IPSec - ESP vs AH

IPSec - Encapsulating Security Payload (ESP)

IPSec - Key Exchange Data

IPSec - NAT, AH, and ESP

IPSec - crypto map multiple peers

IPSec - crypto-map vs transform-set

IPSec - why does IKE need two phases

IPSec ESP Wireshark decrypt payload

IPSec NAT Transparency

IPSec and NAT-T Interaction

IPSec profile operation with more than one crypto isakmp policy

IPSec

IPsec - does it support multicast

IPv4 - Internal Host Loopback Address Range

IPv4 - ToS Byte definition

IPv4 - classful addressing

IPv4 - classless addressing

IPv4 - header protocol field

IPv4 - no subnet mask information in the IP header

IPv4 - subnet mask

IPv4 Link-local address range

IPv4 Private IP address ranges

IPv4 Subnetting invalid entry causing network address of zero

IPv4 header length field

IPv4 network and broadcast addresses

IPv4 point to point addresses

IPv4

IPv6 - ACLs, RAs, and RSes

IPv6 - DHCPv6

IPv6 - EUI-64 best practice

IPv6 - IPv4-mapped IPv6 address

IPv6 - NDP Neighbor Discovery Process

IPv6 - NDP preferred and valid lifetimes

IPv6 - Network and Interface Identifiers

IPv6 - Prefix Length used for SLAAC

IPv6 - RA suppression command