Static NAT (Network Address Translation) is a one-to-one mapping of a private IP address to a public IP address. Static NAT is useful when a network device inside a private network needs to be accessible from the Internet. A common example is static NAT configured on a router or firewall to give users on the Internet access to a web-facing application in the LAN. With static NAT, translations exist in the NAT translation table as soon as you configure the static NAT command, and they remain in the translation table until the static NAT is deleted.
The scenario below shows static NAT configured on a router to give access to a web server (private IP = 192.168.0.2). For outside users, the web server IP is 220.127.116.11, which is translated to 192.168.0.2 when a request from a user hits the router and enters the LAN.
Dynamic NAT uses the concept of a "pool" of public IP addresses that can be assigned to internal LAN endpoints dynamically. The NAT router creates a one-to-one mapping between an inside local and an inside global address and changes the IP addresses in packets as they exit and enter the inside network. Dynamic NAT can't be used for servers and devices that need to be accessible from the Internet. With dynamic NAT, translations do not exist in the NAT table until the router receives traffic that requires translation. Dynamic translations have a timeout period, after which they are purged from the translation table.
The scenario below shows dynamic NAT configured on a router to give Internet access to hosts (private IP = 192.168.0.2 and 192.168.0.3). The NAT router translates the private source IPs of the LAN endpoints into public IPs (18.104.22.168 and 22.214.171.124 respectively).
NAT Overload is another type of dynamic NAT, which can map multiple private IP addresses to a single public IP address by using a technology known as Port Address Translation (PAT). In this case, multiple internal devices are able to share one public address, as mappings are placed into the translation table based on the source and destination ports that are used. When using PAT, the router maintains unique source port numbers on the inside global IP address to distinguish between translations.
The scenario below shows NAT Overload (PAT) configured on a router to give Internet access to multiple inside hosts (private IP = 192.168.0.2 and 192.168.0.3). The NAT router translates the private source IPs of the LAN endpoints into the same public IP but with different port numbers, i.e. 126.96.36.199:1000 and 188.8.131.52:1001 respectively.
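The translation-table behaviour of the three NAT types described above can be modelled in a few lines. This is an added example, not code from the original page or from any router: the `NatTable` class and its methods are hypothetical, the 203.0.113.x public addresses are constructed from the documentation range, and PAT is simplified to key only on the inside address and port.

```python
import time

class NatTable:
    """Toy table: one_to_one maps inside local -> (inside global, last_used); None = static."""
    def __init__(self, static=(), pool=(), pat_ip=None, timeout=60.0, clock=time.monotonic):
        self.one_to_one = {local: (glob, None) for local, glob in static}
        self.pat = {}              # (inside ip, inside port) -> (global port, last_used)
        self.free = list(pool)     # unassigned dynamic-pool addresses
        self.pat_ip, self.next_port = pat_ip, 1000
        self.timeout, self.clock = timeout, clock

    def _purge(self):
        now = self.clock()
        for local, (glob, seen) in list(self.one_to_one.items()):
            if seen is not None and now - seen > self.timeout:
                del self.one_to_one[local]
                self.free.append(glob)               # address returns to the pool
        for key, (_, seen) in list(self.pat.items()):
            if now - seen > self.timeout:
                del self.pat[key]
        return now

    def outbound(self, src_ip, src_port):
        """Translate an outgoing packet's source; None means no translation available."""
        now = self._purge()
        if src_ip not in self.one_to_one and self.free:
            self.one_to_one[src_ip] = (self.free.pop(0), now)   # dynamic: created by traffic
        if src_ip in self.one_to_one:
            glob, seen = self.one_to_one[src_ip]
            self.one_to_one[src_ip] = (glob, None if seen is None else now)
            return glob, src_port
        if self.pat_ip is None:
            return None                              # pool exhausted or nothing configured
        port, _ = self.pat.get((src_ip, src_port), (None, None))
        if port is None:
            port, self.next_port = self.next_port, self.next_port + 1
        self.pat[(src_ip, src_port)] = (port, now)   # unique global port per inside flow
        return self.pat_ip, port

    def inbound(self, dst_ip, dst_port):
        """Reverse lookup for a packet arriving from outside; None means drop."""
        self._purge()
        for local, (glob, _) in self.one_to_one.items():
            if glob == dst_ip:
                return local, dst_port
        for (ip, port), (gport, _) in self.pat.items():
            if dst_ip == self.pat_ip and gport == dst_port:
                return ip, port
        return None
```

Calling `inbound()` on a table that has only a pool or a PAT address returns `None` until an inside host has sent traffic, whereas a static entry answers immediately and never ages out. That difference is why only the static mapping exposes an inside server to unsolicited connections.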