NAT Dynamic and Dynamic PAT(Hide)

Posted on 2014-12-17
Last Modified: 2014-12-26
IN ASA firewall , when Adding Network Object in NAT Rules, I see options: Static, Dynamic PAT(Hide), Dynamic.
Static, is translating one internal IP address  to one external IP address.
What about the 2 others Dynamic PAT(Hide), Dynamic ? can someone explain the difference ?

Any help will be very much appreciated.

Question by:jskfan
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
LVL 50

Accepted Solution

Don Johnston earned 500 total points
ID: 40506003
Dynamic NAT is where you have a pool of addresses that get allocated to different host traffic.  In its most basic form, you could have 30 addresses which you own (or rent).   You would put those addresses in a pool.  Then as users try to get outside, an address is assigned to that host for the duration.  When they're done, the address gets returned to the pool as available.  In a manner of speaking, its similar to DHCP. Except instead of assigning addresses to hosts, its assigning addresses for NAT use.

PAT (also known as "One-to-many" or "overloading") is where all the hosts on your network have their inside addresses translated to a single outside address. This is probably the most common type of NAT in use today.

Author Comment

ID: 40506138
OK... I believe with PAT, the NAT will add a random port number to the public address.

I do not know why it says "Hide"
LVL 50

Expert Comment

by:Don Johnston
ID: 40518417
IIRC, Dynamic PAT (hide) is overloading a NAT pool.
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!


Author Comment

ID: 40518432
I know PAT is overloading, it is adding a random port number to the IP.
I am not sure about the word "Hide"
LVL 50

Assisted Solution

by:Don Johnston
Don Johnston earned 500 total points
ID: 40518438
I think you're getting stuck on a piece of non-essential nomenclature.

The "(Hide)" is just another indicator that overloading (or PAT) is in effect.

Author Comment

ID: 40518881
OK....I was curious (...)

Author Closing Comment

ID: 40518883

Featured Post

DevOps Toolchain Recommendations

Read this Gartner Research Note and discover how your IT organization can automate and optimize DevOps processes using a toolchain architecture.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question