Difference between a static NAT pool, and a dynamic NAT pool

Article:TECH83992  |  Created: 2005-01-13  |  Updated: 2009-01-22  |  Article URL http://www.symantec.com/docs/TECH83992
Article Type
Technical Solution



You want more information on network address transform (NAT) pools. You need to know the functional difference between a static one to one NAT pool and a dynamic pool of one address.


A NAT pool is a set of addresses that are designed as replacement addresses for client IP addresses. Static and dynamic are the two types of NAT pools. In a static NAT pool you map a client IP address to a specific NAT pool address (one to one).This mapping physically binds the source and destination to the specified address. In effect it functions bidirectional and handles inbound redirect.

In a dynamic NAT pool maps a client IP address to an IP address dynamically chosen from a pool of addresses. This mapping binds the source but not the destination. You can successfully handle redirect of inbound traffic. Outbound traffic can still come from an alternate address as the physical binding does not take place.

A dynamic NAT pool of one address only binds the source, and not the destination. That way, you are able to successfully handle traffic inbound with a redirect, but the outbound traffic can still come from an alternate address as the physical binding is not taking place with the dynamic NAT pool. The traffic will still be bound on the outbound side to that one address, but that should not interfere with the inbound traffic using the redirect.

One specific reason to use a dynamic NAT pool is when configuring an inbound SMTP rule and redirect to one address. The out bound traffic could come from a different location, such as a spam filter. You need both inbound traffic and outbound traffic to use the same external address or MX record. Using a dynamic NAT pool of one address allows you to redirect inbound traffic to the mail servers. It allows the filtering device to send outbound traffic to the same NAT pool address for outbound mail.

Note: A dynamic NAT pool is not necessary in all mail scenarios. A static one to one NAT pool works for many installations.

Legacy ID


Article URL http://www.symantec.com/docs/TECH83992

Terms of use for this information are found in Legal Notices