PAT v DNAT

control Member Posts: 309
Hi,

I have been reading up on PAT and DNAT. My question is, why would you use one over the other?

If PAT only requires one public IP address, why would you bother with DNAT for example, which requires a 1 public to 1 private?

Thanks

Comments

  • chmorin Member Posts: 1,446
    control wrote: »
    Hi,

    I have been reading up on PAT and DNAT. My question is, why would you use one over the other?

    If PAT only requires one public IP address, why would you bother with DNAT for example, which requires a 1 public to 1 private?

    Thanks

    First thing that comes to my mind is DMZ. Let's say you have a section of devices that need to be reachable by the Internet, and need them to have global IP addresses on the way out and have them be forwarded correctly on the way in. You would need to assign the WAN IP address to translate each LAN IP address so they can be reachable via the Internet and by LAN sources.
    Currently Pursuing
    WGU (BS in IT Network Administration) - 52%| CCIE:Voice Written - 0% (0/200 Hours)
    mikej412 wrote:
    Cisco Networking isn't just a job, it's a Lifestyle.
  • control Member Posts: 309
    chmorin wrote: »
    First thing that comes to my mind is DMZ. Let's say you have a section of devices that need to be reachable by the Internet, and need them to have global IP addresses on the way out and have them be forwarded correctly on the way in. You would need to assign the WAN IP address to translate each LAN IP address so they can be reachable via the Internet and by LAN sources.

    Thanks for that.

    So in that case, would the dmz devices require a static permanent WAN IP to Private IP if they are to be reachable from the outside?
    I'm thinking that if it's done dynamically, the local devices could end up with a different WAN IP which could cause problems?
  • chmorin Member Posts: 1,446
    control wrote: »
    Thanks for that.

    So in that case, would the dmz devices require a static permanent WAN IP to Private IP if they are to be reachable from the outside?
    I'm thinking that if it's done dynamically, the local devices could end up with a different WAN IP which could cause problems?

    I just noticed that this was about DNAT vs PAT, my bad.

    For most practical use, PAT is used. You are correct that if you were using dynamic allocation of NAT addresses you would have issues if you needed each device to have a specific address.

    You can use DNAT when you want particular ports to use a specific IP address. Similar to port forwarding.
  • control Member Posts: 309
    Regarding PAT -

    What would happen if 65535 simultaneous connections were required when using only 1 external IP?
  • Forsaken_GA Member Posts: 4,024
    control wrote: »
    Regarding PAT -

    What would happen if 65535 simultaneous connections were required when using only 1 external IP?

    It'd be less than that, you forgot to reserve the low ports.

    And let's flip it around - what do you think would happen? (besides your router crashing from an overfilled state table, that is)
  • hypnotoad Banned Posts: 915
    I've never seen more than 5,000...but that doesn't mean much. What are your personal records for NAT translations? I think when you hit the limit it starts rejecting new connections. Might be fun to try.
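
Added example, not part of the thread or any poster's code: a simplified PAT table in Python that makes the port-exhaustion question above concrete. It assumes one external port is consumed per translation per protocol and that ports below 1024 are held back; the class name, function names and the addresses (203.0.113.1, 10.0.0.x) are constructed for illustration, and real devices may track more of the connection tuple and also run into state-table memory limits.

```python
# Simplified PAT (NAT overload) model. Illustration only, not a vendor implementation.
# Assumption: one external port per translation per protocol; ports < 1024 reserved.

class PatTable:
    def __init__(self, external_ip, low=1024, high=65535):
        self.external_ip = external_ip
        self.low, self.high = low, high
        self.next_port = low
        self.out = {}   # (proto, inside_ip, inside_port) -> external port
        self.back = {}  # (proto, external port) -> (inside_ip, inside_port)

    def capacity(self):
        return self.high - self.low + 1

    def translate_out(self, proto, inside_ip, inside_port):
        key = (proto, inside_ip, inside_port)
        if key in self.out:                      # existing flow keeps its port
            return self.external_ip, self.out[key]
        for _ in range(self.capacity()):         # scan the pool once for a free port
            port = self.next_port
            self.next_port = self.low + (port - self.low + 1) % self.capacity()
            if (proto, port) not in self.back:
                self.out[key] = port
                self.back[(proto, port)] = (inside_ip, inside_port)
                return self.external_ip, port
        return None                              # pool exhausted: new flow refused

    def translate_in(self, proto, external_port):
        # Unsolicited inbound traffic has no entry and is dropped (None),
        # which is why hosts that must be reachable need a fixed mapping.
        return self.back.get((proto, external_port))

    def release(self, proto, inside_ip, inside_port):
        port = self.out.pop((proto, inside_ip, inside_port), None)
        if port is not None:
            del self.back[(proto, port)]


def fill_until_exhausted(table, proto="tcp"):
    """Open flows from constructed inside hosts until the pool refuses one."""
    count = 0
    while table.translate_out(proto, f"10.0.0.{count % 200 + 2}", 1024 + count // 200):
        count += 1
    return count


if __name__ == "__main__":
    t = PatTable("203.0.113.1")
    print("flows accepted before refusal:", fill_until_exhausted(t))
```

In this model existing flows keep working after the pool fills; only new translations are refused until an entry is released or times out.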