The NAT options described here control TNSR NAT behavior independent of the chosen mode.
When NAT is active, it will affect traffic to and from services on TNSR, such as IPsec and BGP. When NAT is enabled, by default TNSR will drop traffic that doesn’t match an existing NAT session or static NAT rule. To change this behavior, enable NAT forwarding mode:
tnsr(config)# nat global-options nat44 forwarding true
If NAT is active and there are no services present on TNSR which need to communicate using an interface involved with NAT, then it is more secure and efficient to disable forwarding:
tnsr(config)# nat global-options nat44 forwarding false