29 November 2010

NAT: Show Commands

The command most often used to troubleshoot NAT is show ip nat translations.
Sample Output for the show ip nat translations Command
Router#show ip nat translations
Pro  Inside global         Inside local        Outside local    Outside global
udp  171.69.233.209:1220   192.168.1.95:1220   171.69.2.132:53  171.69.2.132:53
tcp  171.69.233.209:11012  192.168.1.89:11012  171.69.1.220:23  171.69.1.220:23

Another useful command is show ip nat translations verbose.
Sample Output for the show ip nat translations verbose Command
Router#show ip nat translations verbose
Pro  Inside global         Inside local        Outside local    Outside global
udp  171.69.233.209:1220   192.168.1.95:1220   171.69.2.132:53  171.69.2.132:53
              create 00:00:02,       use 00:00:00,  flags:  extended
tcp  171.69.233.209:11012  192.168.1.89:11012  171.69.1.220:23  171.69.1.220:23
              create 00:01:13,       use 00:00:50,  flags:  extended

Here is an explanation of the additional fields in this command:
  • create: How long ago the entry was created (in hours:minutes:seconds).
  • use: How long ago the entry was last used (in hours:minutes:seconds).
  • flags: Indicates the type of translation. Possible flags are:
    extended: Extended translation
    static: Static translation
    destination: Rotary translation
    outside: Outside translation
    timing out: Translation is no longer used due to a TCP FIN or RST

In general, the following terminology is used in the show commands to display the various addresses:
  • Inside local address: The IP address that is assigned to a host on the inside network. The address is probably not a legitimate IP address assigned by the Network Information Center (NIC) or service provider. This is typically an RFC 1918 address.
  • Inside global address: A legitimate IP address (assigned by the NIC or service provider) that represents (after translation) one or more inside local IP addresses to the outside world.
  • Outside local address: The IP address of an outside host as it appears to the inside network. Not necessarily a legitimate address, it can be allocated from address space routable on the inside.
  • Outside global address: The IP address assigned to a host on the outside network by the host's owner. The address was allocated from a globally routable address or network space.
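
An added example (not part of the original post): a Python parser for the verbose output above, which maps an inside global address:port reported in an outside log back to the inside local host and exposes the create/use ages. The function names are hypothetical, the sample is the output shown on this page, and treating multiple flags as comma-separated is an assumption.

```python
import re
from datetime import timedelta

# Constructed sample: the verbose output shown on this page.
SAMPLE = """\
Pro Inside global           Inside local        Outside local    Outside global
udp 171.69.233.209:1220     192.168.1.95:1220   171.69.2.132:53  171.69.2.132:53
              create 00:00:02,       use 00:00:00,  flags:  extended
tcp   171.69.233.209:11012  192.168.1.89:11012  171.69.1.220:23  171.69.1.220:23
              create 00:01:13,       use 00:00:50,  flags:  extended
"""

KEYS = ("pro", "inside_global", "inside_local", "outside_local", "outside_global")
# Assumption: the detail line always has the create/use/flags layout shown above.
DETAIL = re.compile(r"create\s+(\S+?),\s+use\s+(\S+?),.*?flags:\s*(.*)$")

def _age(text):
    """Convert hours:minutes:seconds into a timedelta."""
    h, m, s = (int(x) for x in text.split(":"))
    return timedelta(hours=h, minutes=m, seconds=s)

def parse_verbose(output):
    """Return one dict per translation entry, with its detail line merged in."""
    entries = []
    for line in output.splitlines():
        detail = DETAIL.search(line)
        if detail and entries:
            # Assumption: several flags on one entry are comma-separated.
            flags = [f.strip() for f in detail.group(3).split(",") if f.strip()]
            entries[-1].update(create=_age(detail.group(1)),
                               use=_age(detail.group(2)), flags=flags)
            continue
        tokens = line.split()
        if len(tokens) == 5:  # the header row has more tokens and is skipped
            entries.append(dict(zip(KEYS, tokens)))
    return entries

def inside_host_for(entries, pro, inside_global):
    """Map protocol + inside global address:port to the inside local endpoint."""
    for e in entries:
        if e["pro"] == pro and e["inside_global"] == inside_global:
            return e["inside_local"]
    return None  # no live translation; the entry may have expired
```
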

show ip nat statistics is another useful command that gives the administrator information about NAT statistics.
Sample Output for the show ip nat statistics Command
Router#show ip nat statistics
Total translations: 2 (0 static, 2 dynamic; 0 extended)
Outside interfaces: Serial0
Inside interfaces: Ethernet1
Hits: 135  Misses: 5
Expired translations: 2
Dynamic mappings:
-- Inside Source
access-list 1 pool net-208 refcount 2
 pool net-208: netmask 255.255.255.240
        start 171.69.233.208 end 171.69.233.221
        type generic, total addresses 14, allocated 2 (14%), misses 0


To summarize, the two relevant NAT show commands are:
  • show ip nat translations or show ip nat translations verbose
  • show ip nat statistics
