Introduction to Dynamic PAT and Dynamic NAT

In this article we look at two address-translation methods used on the Cisco ASA: Dynamic NAT (Network Address Translation) and Dynamic PAT (Port Address Translation). We start with Dynamic PAT, followed by Dynamic NAT.

Dynamic PAT: Port Address Translation
Dynamic PAT translates many real addresses to a single mapped IP address by translating each real address and source port to the mapped address and a unique port. If it is available, the real source port number is used as the mapped port.

If the real port is not available, by default the mapped port is chosen from the same range of ports as the real port number: 0 to 511, 512 to 1023, and 1024 to 65535.


Fig 1.1- Dynamic PAT



Consequently, ports below 1024 have only a small PAT pool available. If you have a lot of traffic that uses the lower port ranges, you can specify a flat range of ports to be used instead of the three unequal-sized tiers.

Dynamic PAT may also cause a large number of connections to appear to come from a single IP address, and servers might interpret that traffic as a DoS attack. You can configure a PAT pool of addresses and use round-robin allocation of PAT addresses to mitigate this.
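The port-selection rules above (preserve the real source port when free, otherwise pick from the same tier, or from a flat range, and optionally spread new connections round-robin across a PAT pool) are easy to misread, so here is a small simulator of that logic. This is an added example written for this article, not Cisco code or ASA configuration; the mapped addresses are constructed from the 203.0.113.0/24 documentation range, and port 0 is skipped as a replacement port because it is never a usable source port.

```python
from itertools import cycle

# Default ASA behaviour: a replacement mapped port comes from the same tier as the real port.
TIERS = ((0, 511), (512, 1023), (1024, 65535))
# "flat" option: replacement ports come from one large range instead of the three tiers.
FLAT = ((1024, 65535),)


def tier_for(real_port, flat=False):
    """Return the (low, high) range a replacement mapped port must be taken from."""
    ranges = FLAT if flat else TIERS
    for low, high in ranges:
        if low <= real_port <= high:
            return low, high
    return ranges[-1]  # flat mode: a low real port still maps into the single flat range


class DynamicPAT:
    def __init__(self, mapped_addresses, round_robin=False, flat=False):
        self.mapped = list(mapped_addresses)
        self.round_robin = round_robin
        self.flat = flat
        self.used = {addr: set() for addr in self.mapped}  # mapped ports in use per address
        self.xlate = {}  # (real_ip, real_port) -> (mapped_ip, mapped_port)
        self._rr = cycle(self.mapped)

    def _candidates(self):
        if self.round_robin:
            # Round-robin: each new connection starts at the next address in the pool.
            start = self.mapped.index(next(self._rr))
            return self.mapped[start:] + self.mapped[:start]
        return self.mapped  # default: fill the first address before moving to the next

    def _pick_port(self, used, real_port):
        if real_port not in used:
            return real_port  # real source port preserved when it is free
        low, high = tier_for(real_port, self.flat)
        for port in range(max(low, 1), high + 1):  # never hand out port 0 (assumption)
            if port not in used:
                return port
        return None  # this address has no free port in the required range

    def translate(self, real_ip, real_port):
        """Create (or return the existing) translation for one real address/port."""
        key = (real_ip, real_port)
        if key in self.xlate:
            return self.xlate[key]
        for addr in self._candidates():
            port = self._pick_port(self.used[addr], real_port)
            if port is not None:
                self.used[addr].add(port)
                self.xlate[key] = (addr, port)
                return self.xlate[key]
        raise RuntimeError("PAT pool exhausted for real port %d" % real_port)

    def clear(self, real_ip, real_port):
        """Tear down a translation (connection closed or xlate timed out)."""
        addr, port = self.xlate.pop((real_ip, real_port))
        self.used[addr].discard(port)


if __name__ == "__main__":
    # Single mapped address, e.g. the outside interface IP (constructed value).
    pat = DynamicPAT(["203.0.113.1"])
    print(pat.translate("10.0.0.1", 1025))  # real port kept
    print(pat.translate("10.0.0.2", 1025))  # collision: next free port in 1024-65535
    print(pat.translate("10.0.0.1", 500))   # real port kept
    print(pat.translate("10.0.0.2", 500))   # collision: replacement from the small 0-511 tier
```

Run the two low-port translations with `flat=True` and the second one lands in 1024-65535 instead of the 511-port tier, which is the situation the flat range is meant for; construct the class with two addresses and `round_robin=True` and consecutive new connections alternate between them instead of filling the first address.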

Advantages and Disadvantages of Dynamic PAT
  • Dynamic PAT lets you use a single mapped address, thus conserving routable addresses. You can even use the ASA firewall interface IP address as the PAT address.
  • Dynamic PAT does not work with some multimedia applications that have a data stream on a different port from the control path.
Dynamic NAT: Network Address Translation
Dynamic NAT translates a group of real addresses to a pool of mapped addresses that are routable on the destination network. The mapped pool usually contains fewer addresses than the real group.

When a host that requires translation accesses the destination network, the ASA assigns the host an IP address from the mapped pool. The translation is created only when the real host initiates the connection.

Fig 1.2- Dynamic NAT


The translation is in place only for the duration of the connection, and a given user does not keep the same IP address after the translation times out. Users on the destination network, therefore, cannot reliably initiate a connection to a host that uses dynamic NAT, even if the connection is permitted by an access rule.

Disadvantages of Dynamic NAT
  • If the mapped pool has fewer addresses than the real group, you could run out of addresses if the amount of traffic is more than expected.
  • Use PAT or a PAT fallback method if this happens often, because PAT provides over 64,000 translations using the ports of a single address.
  • You have to use a large number of routable addresses in the mapped pool, and routable addresses may not be available in large quantities.
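To make the dynamic NAT behaviour concrete (translations created only by outbound connections, released after a timeout, a host not keeping its address afterwards, and pool exhaustion with an optional PAT fallback), here is a small model of a dynamic NAT pool. It is an added example for this article, not ASA code; the mapped pool, the fallback address and the one-hour idle timeout are constructed values, and the fallback hands out sequential ports from 1024 purely for illustration.

```python
class DynamicNAT:
    """A group of real hosts shares a (smaller) pool of mapped addresses one-to-one.
    A translation exists only after the real host initiates a connection and is
    released once it has been idle for idle_timeout seconds."""

    def __init__(self, mapped_pool, idle_timeout, fallback_pat_addr=None):
        self.free = list(mapped_pool)   # mapped addresses currently unallocated
        self.xlate = {}                 # real_ip -> [mapped_ip, last_used]
        self.idle_timeout = idle_timeout
        self.fallback = fallback_pat_addr  # single address used for PAT when the pool is empty
        self.pat_ports = {}             # (real_ip, real_port) -> mapped port on the fallback address
        self.next_pat_port = 1024       # illustration only; real allocation is smarter

    def _expire(self, now):
        """Return addresses of idle translations to the pool."""
        for real_ip, (mapped_ip, last_used) in list(self.xlate.items()):
            if now - last_used >= self.idle_timeout:
                del self.xlate[real_ip]
                self.free.append(mapped_ip)

    def outbound(self, real_ip, real_port, now):
        """Real host initiates a connection: returns (mapped_ip, mapped_port)."""
        self._expire(now)
        if real_ip in self.xlate:
            self.xlate[real_ip][1] = now
            return self.xlate[real_ip][0], real_port  # one-to-one: the port is unchanged
        if self.free:
            mapped_ip = self.free.pop(0)
            self.xlate[real_ip] = [mapped_ip, now]
            return mapped_ip, real_port
        if self.fallback is None:
            raise RuntimeError("dynamic NAT pool exhausted, no address for %s" % real_ip)
        # PAT fallback: many real hosts share the fallback address on distinct ports.
        key = (real_ip, real_port)
        if key not in self.pat_ports:
            self.pat_ports[key] = self.next_pat_port
            self.next_pat_port += 1
        return self.fallback, self.pat_ports[key]

    def inbound(self, mapped_ip, now):
        """Which real host, if any, can a destination-side user reach via mapped_ip right now?"""
        self._expire(now)
        for real_ip, (addr, _) in self.xlate.items():
            if addr == mapped_ip:
                return real_ip
        return None  # no live translation: the inbound connection cannot be delivered


if __name__ == "__main__":
    nat = DynamicNAT(["203.0.113.10", "203.0.113.11"], idle_timeout=3600,
                     fallback_pat_addr="203.0.113.1")
    print(nat.outbound("10.0.0.1", 40000, now=0))     # gets 203.0.113.10
    print(nat.outbound("10.0.0.2", 40001, now=1))     # gets 203.0.113.11
    print(nat.outbound("10.0.0.3", 40002, now=2))     # pool empty: PAT on 203.0.113.1
    print(nat.inbound("203.0.113.10", now=3))         # 10.0.0.1 while the xlate is live
    print(nat.inbound("203.0.113.10", now=5000))      # None after the idle timeout
    print(nat.outbound("10.0.0.1", 40000, now=5002))  # a different pool address this time
```

Without a fallback address the third host simply fails with a pool-exhausted error, which is the first disadvantage listed above; with the fallback, the excess hosts are multiplexed onto one address by port, which is what the PAT-fallback recommendation buys you.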