NAT Status

TNSR offers several ways to view the active NAT configuration, rules, and sessions. These start with nat show, and are all available in config and master mode.

View NAT Configuration

To view the current NAT configuration parameters (not rules), use show nat config:

tnsr# show nat config

NAT Configuration Parameters
----------------------------
translation hash buckets 1024
translation hash memory 134217728
deterministic false
user hash buckets 128
user hash memory 67108864
max translations per user 100
outside Route Table ipv4-VRF:0
inside Route Table ipv4-VRF:0
dynamic mapping enabled
forwarding is disabled

View Static Mappings

To view currently configured static NAT mappings, use show nat static-mappings:

tnsr# show nat static-mappings

Static Mappings

Proto Local IP   Port External IP Port Interface Twice NAT Out to In Route Table
----- ---------- ---- ----------- ---- --------- --------- --------- -----------
  tcp 10.2.0.5     22 203.0.113.2  222                                ipv4-VRF:0

View Deterministic Mappings

To view currently configured deterministic NAT mappings, use show nat deterministic-mappings:

tnsr# show nat deterministic-mappings
Deterministic Mappings
----------------------

Inside        Outside              Ratio     Ports  Sessions
------------- ---------------- --------- --------- ---------
198.14.0.0/15 203.0.113.128/25      1024        63         0

NAT Reassembly Parameters
-------------------------

View Dynamic Configuration

To view the IP addresses or interfaces currently assigned for use by NAT, use show nat dynamic addresses or show nat dynamic interfaces, depending on the TNSR NAT configuration:

tnsr# show nat dynamic addresses

Pool Addresses  Route Table     Twice NAT
--------------  -----------     ---------
203.0.113.2

View Interfaces

To view the interfaces which are currently marked as inside and outside for NAT purposes, use show nat interface-sides:

tnsr# show nat interface-sides

Interfaces              Side
---------------------   -------
GigabitEthernet0/14/0   outside
GigabitEthernet3/0/0    inside

View NAT Fragment Reassembly

To view NAT packet fragment reassembly parameters, use show nat reassembly:

tnsr# show nat reassembly

NAT Reassembly Parameters
-------------------------
Family: ipv4
    Enabled : true
    Timeout : 2 seconds
    Max Fragments : 5
    Max concurrent reassemblies: 1024
Family: ipv6
    Enabled : true
    Timeout : 2 seconds
    Max Fragments : 5
    Max concurrent reassemblies: 1024

View NAT Sessions

To view a summary of outgoing NAT sessions by source address, use show nat sessions:

tnsr# show nat sessions

NAT sessions
------------

IP address      Static Dynamic Route Table
-------------- ------- ------- -----------
10.2.0.1             0       4  ipv4-VRF:0
203.0.113.2          0       1  ipv4-VRF:0

To see more detail for each specific session, add verbose to the previous command, which becomes show nat sessions verbose:

tnsr# show nat sessions verbose

NAT sessions detail
-------------------

Proto Inside/Outside/Ext    Type    Route Table Last used Bytes/pkts
----- --------------------- ------- ----------- --------- ----------
  udp 10.2.0.1:123          dynamic  ipv4-VRF:0       143        498
      203.0.113.2:16253                                            6
      52.6.160.3:123
  udp 10.2.0.1:123          dynamic  ipv4-VRF:0       143        498
      203.0.113.2:18995                                            6
      184.105.182.7:123
  udp 10.2.0.1:123          dynamic  ipv4-VRF:0       145        498
      203.0.113.2:53893                                            6
      69.36.182.57:123
  udp 10.2.0.1:123          dynamic  ipv4-VRF:0       207        498
      203.0.113.2:44109                                            6
      198.50.238.163:123