Dynamic NAT (Network Address Translation) allows internal devices using private IP addresses to access external networks using a shared pool of public IP addresses.
Instead of assigning a fixed public IP to each device (like Static NAT), Dynamic NAT uses a temporary 1-to-1 mapping between private and public IPs.
As you can see below, here our NAT router has a public IP pool of 3 addresses:
Figure 1 – Dynamic NAT assigns a temporary public IP from a shared pool when a device sends traffic
37.5.55.103
37.5.55.104
37.5.55.105
When a device from the internal network sends traffic to the internet, the router checks if a public IP is available in the pool. If one is free, it is assigned for the duration of the session. When the device stops sending traffic, the public IP is released back into the pool.
You can think of it like a temporary borrowing system and if a public IP is available, it gets one just for the time it needs.
Answer the question below
Let’s walk through a concrete example.
Suppose host 192.168.1.5 wants to reach a server 8.8.8.8 on the internet.
The NAT router checks the pool of public IP addresses.If one is available, it temporarily assigns it to 192.168.1.5 and forwards the traffic.
Figure 2 – Outgoing packet from internal host
The router maps 192.168.1.5 to 37.5.55.103, showing the traffic going out.
Figure 3 – NAT translation applied
When the session ends or becomes inactive, the router removes the mapping and returns the public IP to the pool.
Figure 4 – Public IP released
The public IP 37.5.55.103 is now free again for use by another device.
This process follows first-come, first-served logic:
only one internal host can use a specific public IP at a time.
If all public IPs are in use, new connections are denied.Answer the question below
Let’s now configure Dynamic NAT on a Cisco router. This setup enables multiple internal devices to access the internet using a limited set of public IPs.
Figure 5 – Configuring Dynamic NAT on a Cisco Router
Step 1 – Define the internal and external interfaces
We need to indicate which interface connects to the internal (private) network, and which one connects to the external (public) side:
40 % Complete: you’re making great progress
Unlock the rest of this lesson
If you’d like to continue your CCNA journey, create your free account now.
Access all free CCNA lessons
Practice with quizzes and level test
Progress tracking in your dashboard
Made by network engineers - CCNP certified
Create your Free Account1151 learners continued their CCNA journey this month