NAT & PAT Explained: How Private IPs Reach the Internet
NAT (Network Address Translation) lets devices with private IP addresses reach the public internet by translating their addresses at the router. The most common form, PAT (overload), lets hundreds of devices share a single public IP by tracking port numbers.
Three types of NAT
- Static NAT — one private IP permanently mapped to one public IP (for servers you reach from outside).
- Dynamic NAT — private IPs mapped to a pool of public IPs, first-come first-served.
- PAT / NAT overload — many private IPs share one public IP, distinguished by port number. This is what home and office routers do.
Inside vs outside addresses
NAT terminology trips people up: inside local is the private IP as seen inside; inside global is its translated public representation; outside global is the real public destination. Knowing these four terms is essential for CCNA NAT questions.
Frequently asked questions
What is the difference between NAT and PAT?
NAT maps addresses one-to-one or to a pool; PAT (overload) maps many private addresses to a single public address using unique port numbers to tell sessions apart.
Why is NAT used?
NAT conserves scarce public IPv4 addresses and hides internal addressing, letting many private devices share a few (or one) public IP.
Does IPv6 need NAT?
Generally no — IPv6's vast address space removes the address-conservation reason for NAT, though some translation mechanisms exist for transition and policy.
Related articles
Want hands-on training?
Learn this on real Cisco lab devices with placement support at Attila Technologies, Ahmedabad.