Dynamic NAT

Dynamic NAT (Network Address Translation) allows internal devices using private IP addresses to access external networks using a shared pool of public IP addresses.

Instead of assigning a fixed public IP to each device (like Static NAT), Dynamic NAT uses a temporary 1-to-1 mapping between private and public IPs.

As you can see below, here our NAT router has a public IP pool of 3 addresses:

Figure 1 – Dynamic NAT assigns a temporary public IP from a shared pool when a device sends traffic

• 37.5.55.103

• 37.5.55.104

• 37.5.55.105

When a device from the internal network sends traffic to the internet, the router checks if a public IP is available in the pool. If one is free, it is assigned for the duration of the session. When the device stops sending traffic, the public IP is released back into the pool.

You can think of it like a temporary borrowing system and if a public IP is available, it gets one just for the time it needs.

Let’s walk through a concrete example.

Suppose host 192.168.1.5 wants to reach a server 8.8.8.8 on the internet.
The NAT router checks the pool of public IP addresses.

If one is available, it temporarily assigns it to 192.168.1.5 and forwards the traffic.

Figure 2 – Outgoing packet from internal host

The router maps 192.168.1.5 to 37.5.55.103, showing the traffic going out.

Figure 3 – NAT translation applied

When the session ends or becomes inactive, the router removes the mapping and returns the public IP to the pool.

Figure 4 – Public IP released

The public IP 37.5.55.103 is now free again for use by another device.

This process follows first-come, first-served logic:
only one internal host can use a specific public IP at a time.
If all public IPs are in use, new connections are denied.

Let’s now configure Dynamic NAT on a Cisco router. This setup enables multiple internal devices to access the internet using a limited set of public IPs.

Figure 5 – Configuring Dynamic NAT on a Cisco Router