NAT Overload, also known as Port Address Translation (PAT), is a technique used by Cisco routers to allow multiple devices on a private network to share a single public IP address when accessing the internet.
Why does this matter?
Public IPv4 addresses are limited, and private IP addresses cannot be routed over the internet.
In modern networks, the number of devices needing internet access continues to grow, creating pressure on limited public IP resources. This is where basic Dynamic NAT quickly runs into a problem.
A Common Scenario
Imagine four devices (PC1 to PC4) on a private network want to access the internet. You’ve configured Dynamic NAT with a pool of only three public IP addresses.
What happens?
Figure 1 – NAT pool full: Dynamic NAT limitation
PC1 to PC3: Their traffic is successfully translated and allowed online.
PC4: Its request is denied because the public IP pool is exhausted...
This highlights a major limitation of Dynamic NAT:
Each session requires one public IP address.
Once the pool is used up, no new sessions can be established.
Dynamic NAT does not scale well in environments with many simultaneous users. That’s why NAT Overload (PAT) is the preferred solution in most Cisco deployments.
To solve this limitation, Cisco introduced PAT, also known as NAT Overload.
What Makes PAT Different?
Instead of assigning one public IP per device, PAT allows many internal devices to share a single public IP address.
How Does It Work?
PAT translates the source IP address and also the source port number. This combination (Source IP + Source Port) creates a unique identifier for each connection.
Figure 2 – PAT translating port numbers
As a result, the router can track multiple connections, even if they all appear to come from the same public IP.
PAT in Action
Let’s walk through a simple example.
Example: PC1 Translation
PC1 sends a packet with Source IP 192.168.1.10 and Source Port 20001.
The router translates this packet with Source IP 37.5.55.103 and Source Port 40001.
The destination server sees the request as coming from 37.5.55.103:40001.
Figure 3 – PC1 uses PAT to access the internet via port translation
The router stores this translation in its NAT table.
When the server replies, the router consults the table and forwards the packet back to PC1.
Next, consider how PAT behaves when several devices send traffic at the same time.
Multiple Devices Using PAT
Now let’s see what happens when multiple devices send traffic simultaneously:
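As an added illustration (not part of the original lesson and not router code), the following Python sketch models the NAT table described above: several inside hosts share 37.5.55.103, each flow gets its own public source port, and replies are mapped back through the table. The class and function names, the sequential three-port pool, and the PC2/PC3 addresses are assumptions made for the example.

```python
# Toy model of a PAT (NAT Overload) table. Constructed example, not router code.
# Assumptions: ports are handed out sequentially from a tiny pool, and entries
# are keyed on inside IP + port only (real routers also track protocol and
# destination, and age entries out).

PUBLIC_IP = "37.5.55.103"          # public address used in the lesson
PORT_POOL = range(40001, 40004)    # assumed 3-port pool so exhaustion is visible


class PatTable:
    def __init__(self, public_ip=PUBLIC_IP, ports=PORT_POOL):
        self.public_ip = public_ip
        self.free_ports = list(ports)
        self.outbound = {}   # (inside_ip, inside_port) -> public_port
        self.inbound = {}    # public_port -> (inside_ip, inside_port)

    def translate_outbound(self, src_ip, src_port):
        """Return the (public_ip, public_port) the destination server sees."""
        key = (src_ip, src_port)
        if key not in self.outbound:
            if not self.free_ports:
                raise RuntimeError("PAT port pool exhausted")
            public_port = self.free_ports.pop(0)
            self.outbound[key] = public_port
            self.inbound[public_port] = key
        return self.public_ip, self.outbound[key]

    def translate_inbound(self, dst_port):
        """Return the inside (ip, port) for a reply, or None if no entry exists."""
        return self.inbound.get(dst_port)


def run_demo():
    pat = PatTable()
    flows = [
        ("192.168.1.10", 20001),   # PC1, values from the lesson
        ("192.168.1.11", 20001),   # constructed: PC2 reusing the same source port
        ("192.168.1.12", 20002),   # constructed: PC3
    ]
    return pat, [pat.translate_outbound(ip, port) for ip, port in flows]


if __name__ == "__main__":
    pat, seen = run_demo()
    for public in seen:
        print(public, "->", pat.translate_inbound(public[1]))
    print("unsolicited 40999 ->", pat.translate_inbound(40999))
```

PC1 and PC2 use the same inside source port, yet they stay distinct because the table gives each flow a different public port. A packet arriving on a public port with no table entry has nowhere to be forwarded.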