Does Aruba do NAT or PAT when the 'ip nat inside' command is issued?

Aruba Employee

Product and Software: This article applies to all Aruba controllers and ArubaOS 3.x.


Port Address Translation (PAT) is sometimes called "overloaded NAT". PAT takes address translation one step further and uses port addresses as well. PAT is a feature of the Aruba controller that translates TCP or UDP communications made between hosts on a private network and hosts on a public network.


The Aruba controller (PAT device) transparently modifies IP packets as they pass through it. The modifications make all the packets that it sends to the public network from the multiple hosts on the private network appear to originate from a single host (the PAT device) on the public network.


When you request something from a server on the Internet, say, "" on port 80, with a source port of 1500, your controller enters the information into the PAT table and works just the same as NAT would. (The source port is the port on which your computer expects to receive the data that the server returns. This number is also included in the IP packet header.) When information is returned from the server, the controller looks it up in the PAT table and finds a match for traffic coming from with a destination port of 1500 (the port your computer asked to get information back on). The controller changes the IP packet header to make the destination IP address the address of your internal computer, and your computer gets the data.


The helpful thing about PAT working with ports, though, is that if you request information from a server at with a source port of 1500, and then another computer on your network requests information from the same server with the same source port, the controller notices that someone is already talking to with a source port of 1500, so it cannot use that source port. Instead the source port is changed to one number higher, so the information is sent to the server with a source port of 1501 instead.


When the controller receives information from on port 1501, it looks it up in the PAT table. The PAT table tells it that information coming from on port 1501 should go to your internal machine on port 1500.


This way, even when two separate machines talk to on port 1500, the controller makes sure that the two separate conversations do not interfere with one another. All this happens with only one public IP address.
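
The table behaviour described above can be modelled in a few lines. This is an added example, not ArubaOS code or output: the class and function names are hypothetical, and every address is constructed from documentation and private ranges. A reply that matches no table entry returns None, meaning there is nothing to translate it to.

```python
# Added example: toy PAT table. Not ArubaOS code; all addresses are constructed.
from typing import Dict, Optional, Tuple

Flow = Tuple[str, int, str, int]  # (src_ip, src_port, dst_ip, dst_port)


class PatTable:
    def __init__(self, public_ip: str) -> None:
        self.public_ip = public_ip
        # (server_ip, server_port, public_port) -> (inside_ip, inside_port)
        self.inbound: Dict[Tuple[str, int, int], Tuple[str, int]] = {}
        self.outbound: Dict[Flow, int] = {}  # inside flow -> public_port

    def translate_out(self, pkt: Flow) -> Flow:
        """Rewrite the source of a packet leaving the private network."""
        src_ip, src_port, dst_ip, dst_port = pkt
        port = self.outbound.get(pkt)
        if port is None:
            port = src_port  # keep the original source port if it is free
            while (dst_ip, dst_port, port) in self.inbound:
                port += 1  # in use toward this server: try one number higher
            if port > 65535:
                raise RuntimeError("no free source port for this server")
            self.inbound[(dst_ip, dst_port, port)] = (src_ip, src_port)
            self.outbound[pkt] = port
        return (self.public_ip, port, dst_ip, dst_port)

    def translate_in(self, pkt: Flow) -> Optional[Flow]:
        """Rewrite the destination of a reply; None means no entry, drop."""
        src_ip, src_port, dst_ip, dst_port = pkt
        inside = self.inbound.get((src_ip, src_port, dst_port))
        if dst_ip != self.public_ip or inside is None:
            return None
        return (src_ip, src_port, inside[0], inside[1])


def demo() -> list:
    pat = PatTable("192.0.2.1")  # constructed public address
    server = ("198.51.100.10", 80)  # constructed server
    a = pat.translate_out(("10.0.0.5", 1500, *server))
    b = pat.translate_out(("10.0.0.6", 1500, *server))  # same source port
    reply_a = pat.translate_in((*server, "192.0.2.1", 1500))
    reply_b = pat.translate_in((*server, "192.0.2.1", 1501))
    stray = pat.translate_in(("203.0.113.9", 80, "192.0.2.1", 1500))
    return [a, b, reply_a, reply_b, stray]


if __name__ == "__main__":
    print(*demo(), sep="\n")
```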

Version history
Revision #: 1 of 1
Last update: 07-09-2014 01:32 PM