Courseiva
NATInterface Config

ip nat outside

Marks an interface as the outside (public) side for NAT, enabling translation of source addresses for traffic leaving the inside network.

Syntax·Interface Config
ip nat outside

When to Use This Command

  • Configure the WAN interface of a router to translate private IPs to a public IP for internet access.
  • Set up NAT on a DMZ interface to translate public-to-private addresses for inbound traffic.
  • Define the outside interface for dynamic NAT with a pool of public addresses.
  • Use with ip nat inside on the LAN interface to enable standard NAT overload (PAT).

Command Examples

Basic Outside Interface Configuration

interface GigabitEthernet0/0 ip address 203.0.113.1 255.255.255.0 ip nat outside
Router(config)#interface GigabitEthernet0/0
Router(config-if)#ip address 203.0.113.1 255.255.255.0
Router(config-if)#ip nat outside
Router(config-if)#

The command ip nat outside is entered under interface configuration mode. No output is generated; the router simply accepts the command. Use show ip nat translations to verify NAT operations.

Verifying Outside Interface Status

show ip nat statistics
Total active translations: 5 (0 static, 5 dynamic; 5 extended)
Outside interfaces:
  GigabitEthernet0/0
Inside interfaces:
  GigabitEthernet0/1
Hits: 12345  Misses: 0
CEF Translated packets: 12345, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id] ip nat pool POOL1 203.0.113.2 203.0.113.10 netmask 255.255.255.0
   refcount 5

The 'Outside interfaces' field lists interfaces configured with ip nat outside. 'Inside interfaces' shows the inside interfaces. 'Total active translations' indicates current NAT mappings. 'Hits' are successful translations; 'Misses' should be 0 for proper operation.

Understanding the Output

The command itself produces no output. To verify, use show ip nat statistics. The 'Outside interfaces' line lists all interfaces where ip nat outside is configured. Ensure the correct WAN interface appears. 'Inside interfaces' should show your LAN interface. 'Total active translations' indicates how many sessions are currently translated. High 'Misses' may indicate misconfiguration or lack of inside-to-outside traffic. 'Hits' should be non-zero if traffic is flowing.

CCNA Exam Tips

1.

CCNA exam tip: Remember that ip nat outside must be applied on the interface facing the public network (usually the WAN interface).

2.

CCNA exam tip: The command does not appear in show running-config unless it is explicitly configured; it is not a default setting.

3.

CCNA exam tip: You must also configure ip nat inside on the LAN interface and define a NAT pool or use the interface's IP address with overload.

4.

CCNA exam tip: Misplacing ip nat outside on the inside interface will break NAT; traffic will not be translated correctly.

Common Mistakes

Mistake 1: Applying ip nat outside on the wrong interface (e.g., LAN interface) — causes NAT to fail or translate incorrectly.

Mistake 2: Forgetting to also configure ip nat inside on the LAN interface — no translation occurs.

Mistake 3: Not defining a NAT rule (ip nat inside source) — the outside interface alone does not enable NAT.

Related Commands

ip nat inside

Designates an interface as the inside (private) interface for NAT translation, enabling the router to translate source IP addresses of packets leaving this interface.

show ip nat statistics

Displays statistics about NAT translations, including active translations, hit counts, and configuration parameters, used to verify NAT operation and troubleshoot translation issues.

show ip nat translations

Displays the current active Network Address Translation (NAT) translations on the router, used to verify NAT operations and troubleshoot connectivity issues.

Practice for the CCNA 200-301

Test your knowledge with hundreds of CCNA practice questions covering all exam domains.

Practice CCNA Questions