Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.

Global Accelerated Learning • Est. 1999
Glossary Term NAT Overload

Training Camp • Cybersecurity Glossary

What is NAT Overload?

Another name for PAT, mapping many private IPs to one public IP using unique source ports so a whole LAN shares a single address.

Glossary > Network Security > NAT Overload

Understanding NAT Overload

NAT Overload, also called Port Address Translation (PAT), is a network address translation technique that maps many private IP addresses to a single public IP address by assigning each connection a unique source port number. This lets an entire LAN of internal hosts share one routable public address when reaching the internet.

It works by tracking translations in a table keyed on source IP, source port, destination, and protocol. When an internal host opens a session, the router rewrites the private source address to the public address and replaces the source port with a unique value, recording the mapping. Return traffic is matched against the table by that port and translated back to the correct internal host. Because the 16-bit port space allows tens of thousands of simultaneous sessions, one public IP can serve many devices.

This matters for security and address conservation. By hiding internal hosts behind a single public address, NAT Overload obscures the internal topology and prevents direct inbound connections to private hosts unless an explicit port forward exists, providing a measure of implicit protection (though it is not a substitute for a firewall). It is also the dominant reason a household or business can connect dozens of devices with a single ISP-assigned address amid IPv4 scarcity.

For example, a small office with 40 computers, phones, and printers connects through one router holding a single public IP. On a Cisco router the engineer configures an inside access list, then `ip nat inside source list 1 interface GigabitEthernet0/0 overload`. As employees browse the web, each session is translated to the public IP with a distinct port, all 40 devices share the address simultaneously, and external sites see only the single public address rather than the private hosts behind it.

Learn More About NAT Overload:

Ready to Get Certified?

Turn knowledge into credentials with our instructor-led cybersecurity boot camps.

View All Courses →