ip nat inside
Designates an interface as the inside (private) interface for NAT translation, enabling the router to translate source IP addresses of packets leaving this interface.
ip nat insideWhen to Use This Command
- Configure a home or small office router to translate private IP addresses (e.g., 192.168.1.0/24) to a public IP when accessing the internet.
- Set up NAT on a corporate edge router where internal servers use private addresses and need to communicate with external networks.
- Enable NAT overload (PAT) on a Cisco router to allow multiple internal devices to share a single public IP address.
- Configure static NAT for a web server on the inside network to be reachable from the outside.
Command Examples
Basic Inside Interface Configuration for Dynamic NAT
Router(config-if)# ip nat insideRouter(config-if)#
No output is displayed upon successful configuration. The command simply marks the interface as the inside NAT interface. Use 'do show ip nat translations' to verify later.
Verifying Inside Interface Status
Router# show ip nat statisticsTotal active translations: 0 (0 static, 0 dynamic; 0 extended)
Outside interfaces:
GigabitEthernet0/1
Inside interfaces:
GigabitEthernet0/0
Hits: 0 Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 pool MYPOOL refcount 0
pool MYPOOL: netmask 255.255.255.240
start 203.0.113.1 end 203.0.113.14
type generic, total addresses 14, allocated 0 (0%), misses 0
The 'Inside interfaces' line confirms that GigabitEthernet0/0 is configured as inside. 'Outside interfaces' shows the outside interface. 'Total active translations' indicates current NAT entries. 'Hits' and 'Misses' show translation success/failure. The dynamic mapping section details the ACL and pool used.
Understanding the Output
The 'ip nat inside' command itself produces no output. To verify, use 'show ip nat statistics' or 'show ip nat translations'. In 'show ip nat statistics', the 'Inside interfaces' field lists all interfaces configured with 'ip nat inside'. The 'Outside interfaces' field lists those with 'ip nat outside'. 'Total active translations' shows the number of current NAT entries; a high number may indicate many active sessions. 'Hits' count successful translations, 'Misses' count packets that failed to translate (e.g., no ACL match or pool exhausted). The dynamic mappings section shows the NAT pool and access list; 'allocated 0 (0%)' means no translations are currently using the pool. Watch for 'misses' increasing, which indicates traffic that cannot be translated, often due to missing ACL entries or exhausted pool addresses.
CCNA Exam Tips
CCNA exam tip: Remember that 'ip nat inside' is configured on the interface facing the private network, while 'ip nat outside' is on the interface facing the public network.
CCNA exam tip: You must also configure an ACL to define which traffic to translate and a NAT pool or overload statement; 'ip nat inside' alone does not enable translation.
CCNA exam tip: The command is entered in interface configuration mode; verify with 'show ip nat statistics' or 'show running-config'.
CCNA exam tip: For PAT (overload), you use 'ip nat inside source list ACL interface outside-interface overload' in global config, not on the interface.
Common Mistakes
Mistake 1: Applying 'ip nat inside' to the wrong interface (e.g., the outside interface), causing NAT to fail or translate incorrectly.
Mistake 2: Forgetting to also configure 'ip nat outside' on the external interface, resulting in no translation.
Mistake 3: Not defining an ACL or NAT pool, so even with 'ip nat inside', no translation occurs.
Related Commands
ip nat inside source list [acl] interface [intf] overload
Configures dynamic NAT overload (PAT) to translate multiple inside private IP addresses to a single public IP address using the interface's IP, based on an access list.
ip nat outside
Marks an interface as the outside (public) side for NAT, enabling translation of source addresses for traffic leaving the inside network.
show ip nat statistics
Displays statistics about NAT translations, including active translations, hit counts, and configuration parameters, used to verify NAT operation and troubleshoot translation issues.
show ip nat translations
Displays the current active Network Address Translation (NAT) translations on the router, used to verify NAT operations and troubleshoot connectivity issues.
Practice for the CCNA 200-301
Test your knowledge with hundreds of CCNA practice questions covering all exam domains.
Practice CCNA Questions