3 NAT Types: Static, Dynamic and Overload


In this article, we discuss three NAT types: Static NAT, Dynamic NAT and Overload NAT. Network Address Translation maps multiple private IP addresses to a single or a few public IP addresses before the data is sent to the internet. It thus adds a layer of protection by hiding the internal IP addresses from the external network. Let’s discuss the different types of NAT.

NAT Types

Static NAT

Static NAT (Network Address Translation) is a one-to-one mapping of a private IP address to a public IP address. It is useful when a network device inside a private network needs to be accessible from the internet. A common example is static NAT configured on a router or firewall to give users on the internet access to a web-facing application in the LAN. With static NAT, translations are present in the NAT translation table as soon as you configure the static NAT command, and they remain there until the static NAT is deleted.


Example Configuration

The scenario below shows static NAT configured on a router to give access to a web server (private IP = 192.168.0.2). For outside users, the web server's IP is 200.200.200.2, which is translated to 192.168.0.2 when a user's request hits the router and enters the LAN.

[Figure: Static NAT]


What is Dynamic NAT

Dynamic NAT uses a pool of public IP addresses that are assigned to internal LAN endpoints dynamically. The NAT router creates a one-to-one mapping between an inside local and an inside global address and changes the IP addresses in packets as they exit and enter the inside network. Dynamic NAT can’t be used for servers and devices that need to be accessible from the Internet. With dynamic NAT, translations do not exist in the NAT table until the router receives traffic that requires translation. Dynamic translations have a timeout period, after which they are purged from the translation table.

Example Configuration

The scenario below shows dynamic NAT configured on a router to give internet access to hosts (private IP = 192.168.0.2 and 192.168.0.3). The NAT router translates the private source IPs of the LAN endpoints into public IPs (200.200.200.2 and 200.200.200.3 respectively).


[Figure: Dynamic NAT]

NAT Overload/ PAT

NAT Overload, also known as Port Address Translation (PAT), is another type of dynamic NAT that maps multiple private IP addresses to a single public IP address. Multiple internal devices are able to share one public address, because mappings are placed into the mapping table based on the source and destination ports that are used. When using PAT, the router maintains unique source port numbers on the inside global IP address to distinguish between translations.

Example Scenario

The scenario below shows NAT Overload (PAT) configured on a router to give internet access to multiple inside hosts (private IP = 192.168.0.2 and 192.168.0.3). The NAT router translates the private source IPs of the LAN endpoints into the same public IP but with different port numbers, i.e. 200.200.200.2:1000 and 200.200.200.2:1001 respectively.


[Figure: NAT Overload]

Comparison Table: Static NAT vs Dynamic NAT vs NAT Overload

The table below summarizes the differences between the three types of NAT:

| Parameter | Static NAT | Dynamic NAT | NAT Overload (PAT) |
|---|---|---|---|
| Mapping Type | One-to-One | Many-to-Many (from a pool) | Many-to-One (with port numbers) |
| Public IP Requirement | One public IP per private IP | Pool of public IPs needed | One (or few) public IPs |
| Used For | Hosting servers, consistent access | Internal users with limited external access | Most home networks, internet browsing |
| IP Translation | Fixed mapping | Dynamically assigned from a pool | IP + Port based translation |
| Scalability | Low | Moderate | High |
| Security | Low (static mapping exposes internal IPs) | Moderate | High (uses dynamic port assignments) |
| Example Use Case | Web server accessible from outside | Temporary access for multiple users | Home Wi-Fi network with multiple devices |
| Configuration Complexity | Simple | Moderate | Slightly more complex but common |
| Consistency | Always maps to the same public IP | May change per session | Varies per session & port |
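
The translation-table behaviour described for the three NAT types, modelled as an added Python example (not code from the original article or from any router implementation): static entries exist from configuration time, dynamic entries are created on first outbound traffic and time out, and PAT allocates a unique source port on one shared address. The `NatTable` class, its method names and the 300-second default timeout are assumptions made for illustration; the IP addresses are the article's.

```python
class NatTable:
    """Illustrative model (not router code); mode is "static", "dynamic" or "pat"."""

    def __init__(self, mode, public_ips, static=None, timeout=300, first_port=1000):
        self.mode, self.timeout, self.next_port = mode, timeout, first_port
        self.pool = list(public_ips)   # free pool IPs (dynamic) or the shared IP (pat)
        self.fwd = {}                  # inside key -> [outside key, last-used time]
        self.rev = {}                  # outside key -> inside key
        for priv, pub in (static or {}).items():
            self.fwd[priv] = [pub, None]   # present from configuration, never expires
            self.rev[pub] = priv

    def _expire(self, now):
        for inside, (outside, seen) in list(self.fwd.items()):
            if seen is not None and now - seen >= self.timeout:
                del self.fwd[inside], self.rev[outside]
                if self.mode == "dynamic":
                    self.pool.append(outside)   # address goes back to the pool

    def outbound(self, src_ip, src_port, now=0):
        """Return the translated (ip, port) for an inside source, or None if dropped."""
        self._expire(now)
        key = (src_ip, src_port) if self.mode == "pat" else src_ip
        if key not in self.fwd:
            if self.mode == "static" or (self.mode == "dynamic" and not self.pool):
                return None                     # no static entry / pool exhausted
            if self.mode == "dynamic":
                outside = self.pool.pop(0)
            else:                               # pat: same IP, next unique source port
                outside, self.next_port = (self.pool[0], self.next_port), self.next_port + 1
            self.fwd[key], self.rev[outside] = [outside, now], key
        entry = self.fwd[key]
        if entry[1] is not None:
            entry[1] = now                      # refresh the idle timer
        return entry[0] if self.mode == "pat" else (entry[0], src_port)

    def inbound(self, dst_ip, dst_port, now=0):
        """Return the inside (ip, port) for an outside-initiated packet, or None."""
        self._expire(now)
        inside = self.rev.get((dst_ip, dst_port) if self.mode == "pat" else dst_ip)
        if inside is None:
            return None                         # no table entry, packet is not translated
        return inside if self.mode == "pat" else (inside, dst_port)


if __name__ == "__main__":
    # Constructed sample using the article's PAT addresses.
    pat = NatTable("pat", ["200.200.200.2"])
    print(pat.outbound("192.168.0.2", 5000), pat.outbound("192.168.0.3", 5000))
```

In this model an outside-initiated packet is translated only when a table entry already exists, which is why only the static mapping is reachable before any inside host has sent traffic.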


Hope this article helped you better understand the difference between the three types of NAT.
