Outbound NAT, sometimes referred to as Source NAT, Overload NAT or Port Address Translation (PAT), changes the source address and port of packets exiting a given interface. This is most commonly performed in order to hide the origin of a packet, allowing multiple IPv4 hosts inside a network to share one, or a limited number of, external or outside addresses on a router.
NAT must be enabled before these options can be configured. See Enable NAT for details.
In TNSR, this type of NAT is configured by marking the LAN or internal interface
inside and the WAN or external interface as
outside, for example:
tnsr(config)# nat pool addresses 203.0.113.2
tnsr(config)# interface GigabitEthernet0/14/1
tnsr(config-interface)# ip nat outside
tnsr(config)# interface GigabitEthernet0/14/2
tnsr(config-interface)# ip nat inside
tnsr(config)# nat global-options nat44 forwarding true
Traffic originating on the inside interface and exiting the outside interface will have its source address changed to match that of the outside interface.
A usable address on the outside NAT interface must exist as a part of a
NAT pool (NAT Pool Addresses) or connectivity from the inside interface will not
function with NAT configured. Use either an address pool as shown above, or
nat pool interface <name> where
<name> is the same interface that
ip nat outside.
nat pool command may be repeated multiple times to specify additional
pool addresses, ranges, and interfaces. NAT will make use of all available
addresses configured in pools:
tnsr(config)# nat pool addresses 203.0.113.3
tnsr(config)# nat pool addresses 203.0.113.4
For more information on the behavior of NAT pools, see NAT Pool Addresses.
ip nat outside, services on TNSR may fail to accept or
initiate traffic on that interface depending on the NAT mode. For services on
TNSR to function in combination with
ip nat outside, endpoint-dependent
NAT mode must be enabled.
The following commands set TNSR to
endpoint-dependent NAT mode:
tnsr(config)# nat global-options nat44 enabled false
tnsr(config)# nat global-options nat44 endpoint-dependent true
tnsr(config)# nat global-options nat44 enabled true
Additionally, NAT forwarding must be enabled for this traffic to be accepted by TNSR. See NAT Forwarding for details.