Solved

NAT Dynamic and Dynamic PAT(Hide)

Posted on 2014-12-17
8
1,945 Views
Last Modified: 2014-12-26
IN ASA firewall , when Adding Network Object in NAT Rules, I see options: Static, Dynamic PAT(Hide), Dynamic.
Static, is translating one internal IP address  to one external IP address.
What about the 2 others Dynamic PAT(Hide), Dynamic ? can someone explain the difference ?

Any help will be very much appreciated.

Thanks
0
Comment
Question by:jskfan
  • 4
  • 3
8 Comments
 
LVL 50

Accepted Solution

by:
Don Johnston earned 500 total points
ID: 40506003
Dynamic NAT is where you have a pool of addresses that get allocated to different host traffic.  In its most basic form, you could have 30 addresses which you own (or rent).   You would put those addresses in a pool.  Then as users try to get outside, an address is assigned to that host for the duration.  When they're done, the address gets returned to the pool as available.  In a manner of speaking, its similar to DHCP. Except instead of assigning addresses to hosts, its assigning addresses for NAT use.

PAT (also known as "One-to-many" or "overloading") is where all the hosts on your network have their inside addresses translated to a single outside address. This is probably the most common type of NAT in use today.
0
 

Author Comment

by:jskfan
ID: 40506138
OK... I believe with PAT, the NAT will add a random port number to the public address.

I do not know why it says "Hide"
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 40518417
IIRC, Dynamic PAT (hide) is overloading a NAT pool.
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 

Author Comment

by:jskfan
ID: 40518432
I know PAT is overloading, it is adding a random port number to the IP.
I am not sure about the word "Hide"
0
 
LVL 50

Assisted Solution

by:Don Johnston
Don Johnston earned 500 total points
ID: 40518438
I think you're getting stuck on a piece of non-essential nomenclature.

The "(Hide)" is just another indicator that overloading (or PAT) is in effect.
0
 

Author Comment

by:jskfan
ID: 40518881
OK....I was curious (...)
Thanks
0
 

Author Closing Comment

by:jskfan
ID: 40518883
Thanks
0

Featured Post

Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
cisco switch 3750E port channel down 13 29
ip igmp join-group 8 37
ASA 5505 packet drops 14 42
Can we see Configuration labeled by "commit label xxx" in ASR9K? 2 13
This article will cover setting up redundant ISPs for outbound connectivity on an ASA 5510 (although the same should work on the 5520s and up as well).  It’s important to note that this covers outbound connectivity only.  The ASA does not have built…
Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

765 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question