This is the documentation for the 20.10 version. Looking for the documentation of the latest version? Have a look here.

Deterministic NATΒΆ

Deterministic NAT mode, also known as Carrier-Grade NAT (CG-NAT), is geared for maximum performance at a large scale. This performance comes at a price, however, in that it consumes greater amounts of memory than other, simpler modes.


Deterministic NAT mode has been deprecated and will be removed from the next version of TNSR.

Deterministic NAT pre-allocates 1000 external ports per inside address, which can increase memory requirements significantly. Each single session requires approximately 15 Bytes of memory.

Deterministic NAT enforces maximum numbers of NAT sessions per user, and only works for TCP, UDP, and ICMP protocols.


Deterministic NAT mode is not compatible with NAT pools defined by address; it only functions with pools defined by interface name.

To activate Deterministic NAT, use the following command:

tnsr(config)# nat deterministic enable

Deterministic NAT requires a mapping, configured as follows:

tnsr(config)# nat deterministic mapping inside <inside-prefix> outside <outside-prefix>

In this command, the parameters to replace are:

inside <inside-prefix>:

The internal subnet containing local users, for example,

outside <outside-prefix>:

The external subnet to which these users will be mapped using deterministic NAT. For example,

Configured mappings may be viewed as follows:

tnsr(config)# show nat deterministic-mappings
Deterministic Mappings

Inside        Outside              Ratio     Ports  Sessions
------------- ---------------- --------- --------- ---------      1024        63         0

NAT Reassembly Parameters