Solved

NAT Dynamic and Dynamic PAT(Hide)

Posted on 2014-12-17
Last Modified: 2014-12-26
In ASA firewall, when adding a Network Object in NAT Rules, I see options: Static, Dynamic PAT(Hide), Dynamic.
Static is translating one internal IP address to one external IP address.
What about the 2 others, Dynamic PAT(Hide) and Dynamic? Can someone explain the difference?

Any help will be very much appreciated.

Thanks
Question by:jskfan
LVL 50

Accepted Solution

by:
Don Johnston earned 500 total points
Dynamic NAT is where you have a pool of addresses that get allocated to different host traffic.  In its most basic form, you could have 30 addresses which you own (or rent).   You would put those addresses in a pool.  Then as users try to get outside, an address is assigned to that host for the duration.  When they're done, the address gets returned to the pool as available.  In a manner of speaking, it's similar to DHCP, except instead of assigning addresses to hosts, it's assigning addresses for NAT use.

PAT (also known as "One-to-many" or "overloading") is where all the hosts on your network have their inside addresses translated to a single outside address. This is probably the most common type of NAT in use today.
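
The difference between the two options, modelled as an added example that is not part of the original answer or of any Cisco code: a dynamic NAT pool hands one address to each inside host and runs out, while dynamic PAT shares one address and separates flows by port. The class names, the addresses and the sequential port allocation are assumptions made for the demonstration.

```python
class DynamicNat:
    """Dynamic NAT: one pool address per inside host, returned on release."""

    def __init__(self, pool):
        self.free = list(pool)   # outside addresses not currently in use
        self.xlate = {}          # inside IP -> outside IP

    def translate(self, inside_ip, inside_port):
        if inside_ip not in self.xlate:
            if not self.free:
                return None      # pool exhausted: a new host gets no translation
            self.xlate[inside_ip] = self.free.pop(0)
        return (self.xlate[inside_ip], inside_port)   # source port is unchanged

    def release(self, inside_ip):
        # Host is done: its outside address goes back to the pool.
        self.free.append(self.xlate.pop(inside_ip))


class DynamicPat:
    """Dynamic PAT (hide): every inside host shares one outside address."""

    def __init__(self, outside_ip, first_port=1024, last_port=65535):
        self.outside_ip = outside_ip
        # Sequential ports keep the demo predictable; a real device
        # chooses ports by its own policy.
        self.ports = iter(range(first_port, last_port + 1))
        self.xlate = {}          # (inside IP, inside port) -> outside port

    def translate(self, inside_ip, inside_port):
        key = (inside_ip, inside_port)
        if key not in self.xlate:
            port = next(self.ports, None)
            if port is None:
                return None      # every port on the shared address is in use
            self.xlate[key] = port
        return (self.outside_ip, self.xlate[key])


def demo():
    hosts = [f"10.1.1.{n}" for n in range(1, 5)]         # constructed inside hosts
    nat = DynamicNat(["203.0.113.10", "203.0.113.11"])   # constructed 2-address pool
    pat = DynamicPat("203.0.113.5")                      # constructed hide address
    nat_out = [nat.translate(h, 40000) for h in hosts]
    pat_out = [pat.translate(h, 40000) for h in hosts]
    nat.release(hosts[0])                                # first host is done
    nat_retry = nat.translate(hosts[2], 40000)           # third host tries again
    return nat_out, pat_out, nat_retry
```

With four hosts and a two-address pool, the third and fourth hosts get no translation under dynamic NAT until an address is released, while under PAT all four appear outside as the same address on different ports.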

Author Comment

by:jskfan
OK... I believe with PAT, the NAT will add a random port number to the public address.

I do not know why it says "Hide"
LVL 50

Expert Comment

by:Don Johnston
IIRC, Dynamic PAT (hide) is overloading a NAT pool.
Author Comment

by:jskfan
I know PAT is overloading, it is adding a random port number to the IP.
I am not sure about the word "Hide"
LVL 50

Assisted Solution

by:Don Johnston
Don Johnston earned 500 total points
I think you're getting stuck on a piece of non-essential nomenclature.

The "(Hide)" is just another indicator that overloading (or PAT) is in effect.

Author Comment

by:jskfan
OK....I was curious (...)
Thanks

Author Closing Comment

by:jskfan
Thanks