SNAT vs DNAT | Source NAT vs Destination NAT

In this article, we will discuss SNAT (Source NAT) and DNAT (Destination NAT). Both terminologies are related to NAT (Network Address Translation). Before continue, I recommend, please take a look at Network Address Translation.


Source NAT (SNAT)


SNAT stands for Source NAT. Source NAT, as the name suggests, is used when an internal user initiates a connection with an outside Host. Here, the layer 3 device on which we already configured NAT, translate the private IP address of Host to Public IP. It may also translate the source port in the TCP or UDP protocol headers. Although, Cisco abbreviate it with Stateful NAT.

Destination NAT (DNAT)


On the other hand, DNAT abbreviation for Destination NAT. DNAT is used when an external Host with a Public IP, initiates a connection towards our Internal/Private Network. Here, the same layer 3 devices, convert the public IP address of that host to the private IP of the internal Host/Server.

The Destination NAT is configured for Demilitarized Zone (DMZ). In the DMZ, we usually put our Server with Private IP addresses. So, public users can access them with the help of Destination NAT (DNAT).

The differences between SNAT and DNAT

Below are some differences between SNAT and DNAT!

Source NAT (SNAT)Destination NAT (DNAT)
SNAT stands for Source NAT.DNAT stands for Destination NAT.
Here, Private IP address is converted into Public IP.Here, Public IP is converted into Private IP.
It is used by a client which is inside our private network and want to access the Internet. It is used when someone from public network wants to access a Server inside the DMZ.
SNAT is performed after the routing decision.DNAT is performed before the routing decision.
SNAT, can allow one or more than one hosts of private network to get connect to public hosts.DNAT, allows connection of any host on the public network to a particular host on the private network.


In this article, we discussed SNAT (Static NAT) and DNAT (Destination NAT). Both terms are related to NAT (Network Address Translation). SNAT converts the source IP address of internal hosts to a public IP address. DNAT translates the destination IP of a Public User to a Private IP address so that it can communicate with DMZ servers.

Did you find this article helpful? Please leave a comment in the comment box!

Recommended:  EIGRP Packet Types / Messages Types and Neighborship Parameters


  1. At the beginning “In this article, we will discuss SNAT (Source NAT) and DNAT (Destination NAT)”
    At the summary end “In this article, we discussed SNAT (Static NAT) and DNAT (Dynamic NAT).”

    Confusing terminology that appears the same but also not in meaning when you look around, so which is it?

    1. Hi bob, Yes, I just checked it and DNAT is Destination NAT. Although, the dynamic nat, is ususally configured in clouds, i.e. AWS, where, the machines have dynamically IP assigned. We configure FQDN, in case of Dynamic NAT.

Leave a Reply

Your email address will not be published. Required fields are marked *

Share via
Copy link
Powered by Social Snap