In this article, we are going to discuss static vs dynamic NAT.
Static NAT (Network Address Translation) is a one-to-one mapping of a private IP address to a public IP address. Static NAT is useful when a network device inside a private network needs to be accessible from the Internet. A common example is static NAT configured on a router or firewall to give Internet users access to a web-facing application in the LAN. With static NAT, translations are entered in the NAT translation table as soon as you configure the static NAT command, and they remain there until the static NAT is deleted.
The scenario below shows static NAT configured on a router to give access to a web server (private IP = 192.168.0.2). For outside users, the web server's IP is 18.104.22.168, which translates to 192.168.0.2 when a user's request hits the router and enters the LAN.
Dynamic NAT uses a pool of public IP addresses that can be assigned to internal LAN endpoints dynamically. The NAT router creates a one-to-one mapping between an inside local and an inside global address and changes the IP addresses in packets as they exit and enter the inside network. Dynamic NAT can't be used for servers and devices that need to be accessible from the Internet. With dynamic NAT, translations do not exist in the NAT table until the router receives traffic that requires translation. Dynamic translations have a timeout period, after which they are purged from the translation table.
The scenario below shows dynamic NAT configured on a router to give Internet access to hosts (private IP = 192.168.0.2 and 192.168.0.3). The NAT router translates the private source IPs of the LAN endpoints into public IPs (22.214.171.124 and 126.96.36.199 respectively).
NAT Overload is another type of dynamic NAT that maps multiple private IP addresses to a single public IP address using a technology known as Port Address Translation (PAT). In this case, multiple internal devices are able to share one public address, because mappings are placed into the mappings table based on the source and destination ports that are used. When using PAT, the router maintains unique source port numbers on the inside global IP address to distinguish between translations.
The scenario below shows NAT Overload (PAT) configured on a router to give Internet access to multiple inside hosts (private IP = 192.168.0.2 and 192.168.0.3). The NAT router translates the private source IPs of the LAN endpoints into the same public IP but with different port numbers, i.e. 188.8.131.52:1000 and 184.108.40.206:1001 respectively.
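The table behaviour described in the three sections above (static entries present before any traffic, dynamic entries created on demand and purged after a timeout, PAT entries distinguished by source port) can be modelled in a few lines. This is an added example, not code from the article or from any router vendor; the `NatRouter` class, the 60-second timeout, the starting port 1000 and the 203.0.113.0/24 documentation addresses are assumptions made for illustration.

```python
import itertools

class NatRouter:
    """Toy model of a NAT translation table (constructed example, not vendor code)."""
    def __init__(self, pool, pat_ip, timeout=60):
        self.static = {}                     # inside local -> inside global, permanent
        self.dynamic = {}                    # inside local -> (inside global, last_used)
        self.free = list(pool)               # public pool addresses not yet assigned
        self.pat = {}                        # (inside ip, inside port) -> (public port, last_used)
        self.pat_ip = pat_ip                 # single shared address for overload
        self.ports = itertools.count(1000)   # next unused public source port
        self.timeout = timeout               # idle seconds before an entry is purged

    def add_static(self, local, public):
        self.static[local] = public          # in the table before any traffic flows

    def outbound_dynamic(self, local, now):
        self.expire(now)
        if local not in self.dynamic:        # entry is created only when traffic arrives
            if not self.free:
                return None                  # pool exhausted: no translation available
            self.dynamic[local] = (self.free.pop(0), now)
        public = self.dynamic[local][0]
        self.dynamic[local] = (public, now)  # refresh the idle timer
        return public

    def outbound_pat(self, local, sport, now):
        self.expire(now)
        port, _ = self.pat.get((local, sport), (None, None))
        if port is None:
            port = next(self.ports)          # unique port keeps flows distinguishable
        self.pat[(local, sport)] = (port, now)
        return (self.pat_ip, port)

    def inbound(self, public):  # unsolicited lookup: static plus currently live dynamic entries
        live = {pub: loc for loc, (pub, _) in self.dynamic.items()}
        live.update({pub: loc for loc, pub in self.static.items()})
        return live.get(public)

    def expire(self, now):
        for local, (pub, used) in list(self.dynamic.items()):
            if now - used > self.timeout:
                del self.dynamic[local]
                self.free.append(pub)        # address returns to the pool for reuse
        self.pat = {k: v for k, v in self.pat.items() if now - v[1] <= self.timeout}

if __name__ == "__main__":  # constructed addresses from the documentation range
    r = NatRouter(["203.0.113.10", "203.0.113.11"], "203.0.113.20")
    print(r.outbound_pat("192.168.0.2", 5000, 0), r.outbound_pat("192.168.0.3", 5000, 0))
```

In this model a pool address released by the timeout is handed to the next host that sends traffic, which is why a dynamic mapping gives no stable inbound target for a server.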
Hope this article helped you better understand the difference between Static NAT and Dynamic NAT.