Dynamic NAT—A group of real IP addresses are mapped to a (usually smaller) group of mapped IP
addresses, on a first come, first served basis. Only the real host can initiate traffic. See the

“Dynamic

NAT” section on page 3-7

•

Dynamic Port Address Translation (PAT)—A group of real IP addresses are mapped to a single IP
address using a unique source port of that IP address. See the

“Dynamic PAT” section on page 3-8

•

Identity NAT—A real address is statically translated to itself, essentially bypassing NAT. You might
want to configure NAT this way when you want to translate a large group of addresses, but then want
to exempt a smaller subset of addresses. See the

“Identity NAT” section on page 3-10

Static NAT

This section describes static NAT and includes the following topics:

•

Information About Static NAT, page 3-3

•

Information About Static NAT with Port Translation, page 3-4

•

Information About One-to-Many Static NAT, page 3-5

•

Information About Other Mapping Scenarios (Not Recommended), page 3-6

Information About Static NAT

Static NAT creates a fixed translation of a real address to a mapped address. Because the mapped address
is the same for each consecutive connection, static NAT allows bidirectional connection initiation, both
to and from the host (if an access rule exists that allows it). With dynamic NAT and PAT, on the other
hand, each host uses a different address or port for each subsequent translation, so bidirectional initiation
is not supported.