Hello, you are using an old browser that's unsafe and no longer supported. Please consider updating your browser to a newer version, or downloading a modern browser.
Training Camp • Cybersecurity Glossary
A range of public IP addresses a NAT device draws from to translate many private hosts' traffic for internet access, often combined with PAT.
NAT Pool Definition: A range of public IP addresses a NAT device draws from to translate many private hosts' traffic for internet access, often combined with PAT.
A NAT pool is a defined range of public (routable) IP addresses that a Network Address Translation device draws from to translate the private addresses of internal hosts. Instead of mapping all internal traffic to a single public IP, the device dynamically assigns addresses from the pool, enabling many private hosts to reach the internet while conserving and managing public address space.
The NAT device maintains a translation table mapping inside local addresses to public addresses allocated from the pool. In dynamic NAT, each internal host that initiates a session gets a pool address for the duration of that session; when combined with Port Address Translation (PAT/overload), many internal hosts share one or a few pool addresses distinguished by source port numbers, allowing far more concurrent connections than addresses. On Cisco IOS this is configured with an ip nat pool statement referenced by a NAT rule.
For security, NAT pools provide a degree of topology hiding: external parties see only pool addresses, not the internal addressing scheme, which obscures the internal network and prevents direct inbound connections to private hosts unless explicitly mapped. While NAT is not a substitute for a firewall, it adds a barrier against unsolicited inbound traffic. Pool sizing also matters, exhausting the pool denies new outbound sessions, a potential availability issue an attacker could try to trigger.
For example, a branch office with 500 internal devices is allocated a small block of eight public IP addresses. The administrator configures a NAT pool of those eight addresses with PAT overload. As users browse the internet, the router maps their private 10.x addresses to public addresses from the pool, multiplexing thousands of sessions across the eight IPs by varying source ports. Outsiders observing the traffic see only the pool addresses, never the internal 10.x hosts, keeping the internal layout hidden while every user retains internet access.
Turn knowledge into credentials with our instructor-led cybersecurity boot camps.
View All Courses →