Outbound NATΒΆ

Outbound NAT, sometimes referred to as Source NAT, Overload NAT or Port Address Translation (PAT), changes the source address and port of packets exiting a given interface. This is most commonly performed in order to hide the origin of a packet, allowing multiple IPv4 hosts inside a network to share one, or a limited number of, external or outside addresses on a router.

In TNSR, this type of NAT is configured by marking the LAN or internal interface as inside and the WAN or external interface as outside, for example:

tnsr(config)# nat pool addresses
tnsr(config)# interface GigabitEthernet0/14/1
tnsr(config-interface)# ip nat outside
tnsr(config-interface)# exit
tnsr(config)# interface GigabitEthernet0/14/2
tnsr(config-interface)# ip nat inside
tnsr(config-interface)# exit
tnsr(config)# nat global-options nat44 forwarding true

Traffic originating on the inside interface and exiting the outside interface will have its source address changed to match that of the outside interface.


The address of the outside interface must exist as a part of a NAT pool (NAT Pool Addresses) or connectivity from the inside interface will not function with NAT configured. Use either an address pool as shown above, or nat pool interface <name> where <name> is the same interface that contains ip nat outside.


When activating ip nat outside, services on TNSR may fail to accept or initiate traffic on that interface depending on the NAT mode. For services on TNSR to function in combination with ip nat outside, endpoint-dependent NAT mode must be enabled. In TNSR 18.11 and later, this is the default mode.

The following commands set TNSR to endpoint-dependent NAT mode:

tnsr(config)# dataplane nat mode endpoint-dependent
tnsr(config)# service dataplane restart

Additionally, NAT forwarding must be enabled for this traffic to be accepted by TNSR. See NAT Forwarding for details.