Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
311
Views
10
Helpful
3
Replies

The confusing NAT Command

Ahmed Mukhtar
Level 1
Level 1

‎11-13-2014 03:05 AM - edited ‎03-07-2019 09:29 PM

Hi, 

    I have a problem with NAT because i am confused with basically 2 command's one is "# ip nat source static X.X.X.X........" and the other is # ip nat source inside static X.X.X.X........"

 

What is the purpose of adding or not adding the inside command?

 

please explain

Labels:
0 Helpful
3 Replies 3

John Blakley
VIP Alumni
VIP Alumni

‎11-13-2014 03:40 AM

The difference between the two is that the first command is not concerned with what direction the traffic is coming from (inside, outside, sideways). It will figure out what interface it came in on and going out off and nat accordingly. The second nat command is concerned with what interface you have configured as inside and outside and will translate based off of those configurations. For example:

With "ip nat source list 100 interface f0/0 overload":

int fa0/0

ip nat enable

int fa0/1

ip nat enable

 

With "ip nat inside source list 100 interface fa0/0 overload":

int fa0/0

ip nat outside

int fa0/1

ip nat inside

 

I still use the older configuration of "ip nat inside" most times. There is one other differnence, and that's the way that you see the translations. The "ip nat source" command will create an NVI interface. To see translations, you would do:

show ip nat translations (for ip nat inside source command)

or

show ip nat nvi translations (for ip nat source command)

 

So there is a difference. The "ip nat source" is considered easier because you don't have to take into account which direction interfaces may be receiving traffic in. You can have two outside interfaces, one inside, or five inside interfaces and two outside. With the "ip nat enable" command on those interfaces, the router does the work...

HTH,

John

HTH, John *** Please rate all useful posts ***

Ahmed Mukhtar
Level 1
Level 1
In response to John Blakley

‎11-13-2014 03:46 AM

Very Good explanation sir! I didnt know about the " ip nat enable " command ! hmmm thanks! i have some other NAT related Question's il keep you posted....

0 Helpful

Karsten Iwen
VIP
VIP
In response to John Blakley

‎11-13-2014 04:18 AM

Just a short addition to Johns very good explanation:

The NVI-NAT doesn't support route-maps which I like to use to apply different NAT-definitions to different outgoing interfaces.

More on NAT can be found in the config-guide:

http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/15-mt/nat-15-mt-book/iadnat-addr-consv.html#GUID-1B07F018-EEE8-40AF-953E-7E674D5E4A23

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card