Monitoring NAT
This section explains how to view NAT license information, NAT statistics, NAT translation entries, NAT address pool information, and NAT inside and outside rule settings.
Displaying the NAT License Key
The show license nat command displays the NAT license key.
show license nat
host1#show license nat
Nat license is nat_license
Displaying Translation Statistics
The show ip nat statistics command displays internal statistics that apply to NAT operation.
show ip nat statistics
- Last dynamic allocation failure—Completion level of any dynamic allocation failures; the number of times the router attempted dynamic allocation but reached the dynamic allocation entry limit
- Current static translation entries
- Inside Source Simple—Number of inside source simple static translations
- Outside Source Simple—Number of outside source simple static translations
- Inside Source Extended—Number of inside source extended static translations
- Outside Source Extended—Number of outside source extended static translations
- Dynamic Translation Type—Type of dynamic translation (inside source simple, outside source simple, inside source extended)
- Current—Current number of dynamic translations of the associated translation type
- Peak—Peak number of dynamic translations of the associated translation type
- Accumulated—Accumulated number of dynamic translations of the associated type; this value reflects the accumulation of dynamic translations since the last router reboot operation
- Failed—Total number of installation attempts that failed for an associated translation type
- Forwarding statistics for packets received on inside or outside interfaces
- forwarded directly—Number of packets forwarded directly (that is, without the need of translation)
- forwarded through translator—Number of packets forwarded through the NAT translator
- discarded—Number of packets discarded immediately upon receipt
- discarded by translator—Number of packets discarded by the NAT translator when no matching translation could be located
host1#show ip nat statistics
NAT database statistics for virtual router vr1:
--------------------------------------------------------------
Last dynamic allocation failure: normal, successful completion
Dynamic entry limit was reached 10318 times
Current static translation entries:
-----------------------------------------
Inside Source Simple: 10
Outside Source Simple: 3
Inside Source Extended: 8
Outside Source Extended: 12
Dynamic
Translation Type Current Peak Accumulated Failed
---------------------- ---------- ---------- ----------- ----------
Inside Source Simple 69999 69999 69999 12568
Outside Source Simple 4518 4518 4518 25
Inside Source Extended 70000 70000 70000 568
Fully Extended 26855 26855 26855 2565
Forwarding statistics for virtual router vr1:
------------------------------------------------------------------------
Packets received on inside interface and
forwarded directly 8
forwarded through translator 111763104
discarded 2
discarded by translator 28524565
Bytes received on inside interface and
forwarded directly 544
forwarded through translator 5141098074
Packets received on outside interface and
forwarded directly 7
forwarded through translator 1031624
discarded 3
discarded by translator 578961
Bytes received on outside interface and
forwarded directly 476
forwarded through translator 47454704
Displaying Translation Entries
The show ip nat translations command displays current translations that reside in the translation table.
Simple translation entries appear with inside/outside and local/global address information. Extended entries appear with added protocol and port numbers (or query IDs).
Using verbose mode additionally provides the time since creation and time since last use for each translation entry.
show ip nat translations
- Prot—Protocol (TCP, UDP, ICMP, or GRE) for this translation entry; this field appears only for extended table entries
- Inside local—Inside local IP address for this translation entry; this field also provides the port number, separated by a colon ( : ) for extended entries
- Inside global—Inside global IP address for this translation entry; this field also provides the port number, separated by a colon ( : ) for extended entries
- Outside global—Outside global IP address for this translation entry; this field also provides the port number, separated by a colon ( : ) for extended entries
- Outside local—Outside local IP address for this translation entry; this field also provides the port number, separated by a colon ( : ) for extended entries
- Time since creation—Amount of time elapsed since the translation entry appeared in the translation table
- Time since last use—Amount of time elapsed since the translation entry was used
host1#show ip nat translations
Prot Inside local Inside global Outside global Outside local
---- --------------- --------------- -------------- ----------------
GRE 13.1.2.1:* 20.0.0.1:* --- ---
ICMP 13.1.2.2:4 20.0.0.2:4 --- ---
TCP 13.1.2.3:20 20.0.0.3:50 --- ---
 |
NOTE: Because they are not NAPT translations, port numbers for GRE translations appear as asterisks (*). |
host1#show ip nat translations verbose
Time Time
Inside Outside Outside since since
Prot Inside local global global local creation last use
---- ------------ ----------- ----------- ----------- ------------ ------------
20.0.0.3 30.0.0.3 --- --- 00:04:50 00:00:01
21.0.0.3 30.208.0.3 --- --- 00:02:12 00:00:01
21.0.0.4 30.208.0.4 --- --- 00:02:12 00:00:01
--- --- 50.0.0.3 70.0.0.3 00:03:24 Never
--- --- 51.0.0.3 70.208.0.3 00:01:44 00:00:01
--- --- 51.0.0.4 70.208.0.4 00:01:44 00:00:01
UDP --- --- 50.50.0.3:8 70.50.0.3:8 00:03:10 Never
7 108
UDP 22.0.0.4:63 30.224.0.3: --- --- 00:02:12 00:00:01
4097
UDP 22.0.0.3:63 30.224.0.3: --- --- 00:02:12 00:00:01
4096
TCP --- --- 50.50.0.3:8 70.50.0.3:8 00:03:10 Never
0 008
UDP 20.50.0.3:87 30.50.0.3:8 --- --- 00:03:35 Never
108
Displaying Address Pool Information
The show ip nat pool command displays NAT address pool information. The command output displays configuration (mask and address ranges) of all address pools, unless you supply a specific pool name.
show ip nat pool
- pool—Name of the address pool
- netmask—Network prefix associated with the NAT address pool
- prefix length—Prefix length associated with the NAT address pool
- range—Address ranges used by this NAT address pool
host1#show ip nat pool
pool: pool1 netmask: 255.255.255.0 prefix length: 24
range: 3.3.3.1 to 3.3.3.255
range: 4.4.4.1 to 4.4.4.32
pool: pool2 netmask: 255.255.255.0 prefix length: 24
range: 1.1.1.1 to 1.1.1.24
range: 2.2.2.1 to 2.2.2.55
host1#show ip nat pool pool1
pool: pool1 netmask: 255.255.255.0 prefix length: 24
range: 3.3.3.1 to 3.3.3.255
range: 4.4.4.1 to 4.4.4.32
Displaying Inside and Outside Rule Settings
The show ip nat inside rule and show ip nat outside rule commands display access list and pool usage for all dynamic translation rules configured for the virtual router. If you do not specify an access list, the output displays address pool associations for each of the access lists for either inside or outside translation rules in the virtual router. Specifying an access list filters the output to display only the address pool associated with the specified list.
show ip nat inside rule
- Use to display NAT access list and pool usage information for inside source translation rules.
- Field descriptions
- access list name—Name of the access list
- pool name—Name of the address pool
- rule type—Type of rule assigned
host1#show ip nat inside rule
access list name: list1 pool name: poolA rule type: inside source
access list name: list2 pool name: poolB rule type: inside source
access list name: list3 pool name: poolC rule type: inside source overload
show ip nat outside rule
- Use to display NAT access list and pool usage information for outside source translation rules.
- Field descriptions
- access list name—Name of the access list
- pool name—Name of the address pool
- rule type—Type of rule assigned
host1#show ip nat outside rule
access list name: list4 pool name: poolD rule type: outside source