SNAT vs DNAT | Source NAT vs Destination NAT

In this article, we will discuss about SNAT (Source NAT) and DNAT (Destination NAT). Both terminologies are related to NAT (Network Address Translation). Before continue, I recommend, please take a look on Network Address Translation.


Table of Contents

Source NAT (SNAT)


SNAT stands for Source NAT. Source NAT, as the name suggests, is used when an internal user initiates a connection with an outside Host. Here, layer 3 device on which we already configured NAT, translate the private IP address of Host to Public IP. It may also translate the source port in the TCP or UDP protocols header’s.¬†Although, Cisco abbreviate it with Stateful NAT.

Destination NAT (DNAT)


On the other hand, DNAT abbreviation for Destination NAT. DNAT is used when an external Host with a Public IP, initiates a connection towards our Internal/Private Network. Here, the same layer 3 device, convert public IP address of that host to the private IP of internal Host/Server.

The Destination NAT is configured for Demilitarized Zone (DMZ). In the DMZ, we usually put our Server with Private IP addresses. So, public user can access them with the help of Destination NAT (DNAT).

The differences between SNAT and DNAT

Below are some differences between SNAT and DNAT!

Source NAT (SNAT)Destination NAT (DNAT)
SNAT stands for Source NAT.DNAT stands for Destination NAT.
Here, Private IP address is converted into Public IP.Here, Public IP is converted into Private IP.
It is used by a client which is inside our private network and want to access the Internet. It is used when someone from public network wants to access a Server inside the DMZ.
SNAT is performed after the routing decision.DNAT is performed before the routing decision.
SNAT, can allow one or more than one hosts of private network to get connect to public hosts.DNAT, allows connection of any host on the public network to a particular host on the private network.


In this article, we discussed SNAT (Static NAT) and DNAT (Dynamic NAT). Both terms are related to NAT (Network Address Translation). SNAT converts the source IP address of internal hosts to a public IP address. DNAT, translates the destination IP of a Public User to Private IP address, so that it can communicate with DMZ servers.

Did you find this article helpful? Please leave a comment in the comment box!

Leave a Reply

Your email address will not be published. Required fields are marked *