Outbound NATΒΆ

Outbound NAT, sometimes referred to as Source NAT, Overload NAT or Port Address Translation (PAT), changes the source address and port of packets exiting a given interface. This is most commonly performed in order to hide the origin of a packet, allowing multiple IPv4 hosts inside a network to share one, or a limited number of, external or outside addresses on a router.

Warning

NAT must be enabled before these options can be configured. See Enable NAT for details.

In TNSR, this type of NAT is configured by marking the LAN or internal interface as inside and the WAN or external interface as outside, for example:

tnsr(config)# nat pool addresses 203.0.113.2
tnsr(config)# interface GigabitEthernet0/14/1
tnsr(config-interface)# ip nat outside
tnsr(config-interface)# exit
tnsr(config)# interface GigabitEthernet0/14/2
tnsr(config-interface)# ip nat inside
tnsr(config-interface)# exit
tnsr(config)# nat global-options nat44 forwarding true
tnsr(config)#

Traffic originating on the inside interface and exiting the outside interface will have its source address changed to match that of the outside interface.

Warning

A usable address on the outside NAT interface must exist as a part of a NAT pool (NAT Pool Addresses) or connectivity from the inside interface will not function with NAT configured. Use either an address pool as shown above, or nat pool interface <name> where <name> is the same interface that contains ip nat outside.

The nat pool command may be repeated multiple times to specify additional pool addresses, ranges, and interfaces. NAT will make use of all available addresses configured in pools:

tnsr(config)# nat pool addresses 203.0.113.3
tnsr(config)# nat pool addresses 203.0.113.4

See also

For more information on the behavior of NAT pools, see NAT Pool Addresses.

Warning

When activating ip nat outside, services on TNSR may fail to accept or initiate traffic on that interface depending on the NAT mode. For services on TNSR to function in combination with ip nat outside, endpoint-dependent NAT mode must be enabled.

The following commands set TNSR to endpoint-dependent NAT mode:

tnsr(config)# nat global-options nat44 enabled false
tnsr(config)# nat global-options nat44 endpoint-dependent true
tnsr(config)# nat global-options nat44 enabled true

Additionally, NAT forwarding must be enabled for this traffic to be accepted by TNSR. See NAT Forwarding for details.