Introduction to NAT and PAT

This topic is to discuss the following lesson:

Hello Rene,
Great video. I have a suggestion please. Can you start doing like a CCIE video series, many people understand better with videos and the way you explain topics is very great and straight forward, i hope you can implement this idea which will be so great. thanks


Hi Ammar,

Glad to hear you like it. About the videos, I will. My goal is to have a video for each of the tutorials I have.


Hello Rene,
That would be perfect. People like videos and prefer them more that going through books haha , i am looking forward for the videos. Thanks

If we already have dynamic NAT then why there is a need for PAT?

When you use dynamic NAT, you require a pool with public IP addresses. Each host that gets translated requires a public IP address from the pool.

PAT allows us to translate multiple private IP addresses to a single public IP address.

Rene is it possible when configuring NAT on a router on GNS3 to provide a simulation which will enable or facilitate actual translations in the NAT table without generating actual live production network traffic from a host(s)… on your lab gns3 router …hope this makes sense

Hi William,

You can’t simulate NAT traffic on the local router. If you want to see some NAT translations, you’ll have to send some traffic through your router. When I have to test something like this I like to use another router or switch as the “host” device. Some quick pings are enough to test NAT.


Hi Rene,
I have two questions.

  1. What is the difference between PAT and CGNAT?

  2. When using PAT, will the NAT router change the source port,no matter what source port is used by the LAN device? If yes, it should have a mapping table between host’s source port and the new source port assigned by NAT router. Isn’t it?

Hi Rakesh,

PAT means port address translation, this doesn’t mean that the source port is always changed though. Take a look at this example:

How to configure PAT on Cisco IOS Router

Look for the show ip nat translations command in that lesson. You can see the source ports remain the same, the router will only change these if two hosts happen to pick the same source port number.

CGNAT stands for Carrier Grade NAT. Some ISPs don’t give their customers public IP addresses anymore but private IP addresses. The ISP will use NAT/PAT to put many customers behind a single public IP address.


Hi Rene,

  1. If we have multiple hosts in a LAN behind a router & want to connect server in Internet. So, NAT alone doesnt work here. Both NAT+PAT should be used together. Pls confirm. (Assume, we have only one public IP)
    2)How to find PAT mapping ? any commnad?


Hi Ashok,

If you have multiple hosts behind a single public IP address then you will need PAT yes. Right above your reply is the link to my PAT tutorial, which explains everything.


Hi Rene,

I have a question that’s been bothering me for a while. If your ISP routes you a public /24, how do you put all those 255 addresses on a single router? The router would need to have these configured to be able to use them as source addresses, right?

Thanks in advance,

Hi Shawn,

If you are using PAT, you don’t need to assign all those public IP’s that you are getting from your ISP to your router. As explained by Rene in the lesson, using 1 Public IP which is assigned to the outside interface can be used to PAT your source address to the internet. Even-though, you can add more than 1 public IP to the interface as a secondary IP.

I recommend you to check this lab:

How to configure PAT on Cisco IOS Router

Hi, and thank you for the reply. I was talking about dynamic NAT, or Static NAT, where you would have a pool of Public IP addresses and a pool of private addresses. In order to use one of the public IP addresses as your new source address, it has to be configured on the router, right? Or can you just have your ISP route you the subnet and they will see the source ip as it get’s NAT’d and know what to do with it.

I hope this makes more sense, I am not talking about PAT (layer 4) at all.


Hi Shawn,

If I understand your question correctly, you have a subnet of /24 public IP from your ISP and you want to use it in a Dynamic NAT by which your private internal IP’s can go to the internet. If this is the case, you don’t need to have a pool of private IP’s as you mentioned. What you need is to configure a pool of your public IP in the Dynamic NAT by which each internal host will reserve one Public IP to go to the internet.

For example: if you have configured in your router a pool of 5 public IP’s then only 5 internal private IP’s at a time can go to the internet. In other word, every private IP will reserve an available public IP from the pool.

I can refer you to this lesson for more information:
Configure Dynamic NAT

Please explain what is a bidirectional NAT

Hi Pavan,

In most NAT/PAT examples, we only translate the source IP address.

With bi-directional NAT, you can translate both the source and destination IP address at the same time.