
What is Dynamic NAT (Network Address Translation)

If you are new to the concept, first learn why we need Network Address Translation (NAT) before continuing.

In Dynamic NAT, when a computer in the "Inside Network" sends an IP datagram to the "Outside Network", the NAT device translates the source IP address to a public IP address and forwards the datagram to the public network. The available public IP addresses are configured as a pool of IP addresses.

An IP Address Pool is a set of contiguous IP addresses, specified with a start IP Address, an end IP Address and its subnet mask.

Let us consider a practical example to understand the concept of Dynamic NAT more clearly. Refer to the network topology below. Computer 1 and Computer 2 are two devices inside our network, configured with private IPv4 addresses. Computer 1 and Computer 2 are going to establish a TCP connection to a Server located on the Internet, configured with an IP address of 1.23.28.43.

We will analyze IPv4 traffic before and after Dynamic NAT, as it flows from the Inside Network to the Outside Network. The inside network is configured with the IPv4 network address 192.168.0.0/24. The device performing NAT (the NAT Device) is a Cisco IOS Router. The two inside-network computers whose traffic we analyze have the IP addresses 192.168.0.12/24 (Computer 1) and 192.168.0.13/24 (Computer 2).

NAT Dynamic topology

Please note that "A" is a point marked inside our network where we capture the inside network traffic, before NAT. "B" is another point marked outside our network where we capture outside network traffic, after NAT.

IP Address of the Router interface facing inside network is 192.168.0.1/24.

IP Address of the Router interface facing outside network is 137.186.57.8/24.

Start IP Address of the IP Address pool configured on the Router for Dynamic NAT is 137.186.57.12/24. End IP Address of the IP Address pool configured on the Router for Dynamic NAT is 137.186.57.254/24.

IPv4 Traffic from Computer 1 (192.168.0.12) to 1.23.28.43, before and after Dynamic NAT

The Wireshark capture below shows a TCP SYN request from Computer 1 (IP Address 192.168.0.12) to 1.23.28.43, captured at point "A". We can see that the Source IPv4 Address is 192.168.0.12 and the Destination IP Address is 1.23.28.43. The Source port number is 53044 and the Destination port number is TCP 22 (SSH).

The capture below, taken at point "A", shows the original IP Datagram before Dynamic NAT.

NAT Dynamic capture 01

The Wireshark capture below shows the same TCP SYN request from Computer 1 (IP Address 192.168.0.12) to 1.23.28.43, captured at point "B". We can see that the Source IPv4 Address has been translated to 137.186.57.12. The translated IPv4 Address is the first IP Address available in the IP Address pool.

Please note that there is no change in the Source and Destination TCP Ports. The Source port number is 53044 and the Destination port number is TCP 22 (SSH).

The capture below, taken at point "B", shows the translated IPv4 Datagram after Dynamic NAT.

NAT dynamic capture 02

IPv4 Traffic from Computer 2 (192.168.0.13) to 1.23.28.43, before and after Dynamic NAT

The Wireshark capture below shows a TCP SYN request from Computer 2 (IPv4 Address 192.168.0.13) to 1.23.28.43, captured at point "A". We can see that the Source IPv4 Address is 192.168.0.13 and the Destination IP Address is 1.23.28.43. The Source port number is 47468 and the Destination port number is TCP 22 (SSH).

The capture below, taken at point "A", shows the original IP Datagram before NAT.

NAT dynamic capture 03

The Wireshark capture below shows the same TCP SYN request from Computer 2 (IP Address 192.168.0.13) to 1.23.28.43, captured at point "B". We can see that the Source IPv4 Address has been translated to 137.186.57.13. The translated IPv4 Address is the second IP Address available in the IP Address pool.

Please note that there is no change in the Source and Destination TCP Ports. The Source port number is 47468 and the Destination port number is TCP 22 (SSH).

The capture below, taken at point "B", shows the translated IP Datagram after NAT.

NAT dynamic capture 04

In Dynamic NAT, IP Addresses are translated using the IP Addresses configured in a pool, on a "first-come, first-served" basis. No NAT is possible if all the IP Addresses in the pool are in use.
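
The allocation behaviour described above, modelled in Python as an added example (it is not part of the original tutorial and is not Cisco IOS code). The class `DynamicNat` and its methods, the two-address pool and the host 192.168.0.14 are constructed for illustration, and handing out the lowest free address after a release is an assumption of this model.

```python
import ipaddress

class DynamicNat:
    """Model of one-to-one dynamic source NAT: addresses only, ports untouched."""

    def __init__(self, pool_start, pool_end):
        first = int(ipaddress.IPv4Address(pool_start))
        last = int(ipaddress.IPv4Address(pool_end))
        self.free = [str(ipaddress.IPv4Address(n)) for n in range(first, last + 1)]
        self.inside_to_public = {}   # translation table, keyed by inside address
        self.public_to_inside = {}   # reverse view, used for return traffic

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a packet leaving the inside network; None means dropped."""
        if src_ip not in self.inside_to_public:
            if not self.free:
                return None            # pool exhausted: no translation possible
            public = self.free.pop(0)  # first-come, first-served
            self.inside_to_public[src_ip] = public
            self.public_to_inside[public] = src_ip
        return (self.inside_to_public[src_ip], src_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Translate a reply arriving from outside back to the inside host."""
        inside = self.public_to_inside.get(dst_ip)
        if inside is None:
            return None                # no active translation for this address
        return (src_ip, src_port, inside, dst_port)

    def release(self, inside_ip):
        """Expire a translation and return its public address to the pool."""
        public = self.inside_to_public.pop(inside_ip)
        del self.public_to_inside[public]
        self.free.append(public)
        self.free.sort(key=ipaddress.IPv4Address)  # assumption: lowest free first


if __name__ == "__main__":
    nat = DynamicNat("137.186.57.12", "137.186.57.254")  # pool from the tutorial
    print(nat.outbound("192.168.0.12", 53044, "1.23.28.43", 22))
    print(nat.outbound("192.168.0.13", 47468, "1.23.28.43", 22))
    print(nat.inbound("1.23.28.43", 22, "137.186.57.12", 53044))
    small = DynamicNat("137.186.57.12", "137.186.57.13")  # constructed 2-address pool
    for host in ("192.168.0.12", "192.168.0.13", "192.168.0.14"):
        print(host, small.outbound(host, 40000, "1.23.28.43", 22))
```

The reverse table is also what lets an investigator map a public address seen in outside logs back to the inside host that held it, provided the translation was recorded while it was active.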

 
