Showing results for 
Search instead for 
Did you mean: 
Join Customer Connection to register!

Nexus 9318-FX - NAT Issues

I'm having issues with some simple NAT logic on a Nexus 93180YC-FX which when tested on an IOS based device work fine.


See attached for basic network diagram.


Basic configuration:


interface vlan100

ip nat inside

interface vlan200

ip nat outside

ip nat inside source static

ip nat outside source static add-route

When I test this on the NK9 the inside rule works successfully.

The strange part is when i check the NAT translation table using show ip nat translations there is nothing listed after a successfully tested inside translation.

When I try to reach using the outside global address from the frame arrives at but the source address is still and not the global inside address I assume the static route created by add-route is allowing this to end up at but why isn't the inside address being translated?


When I test this on an IOS based switch both rules work as expected and the NAT translation tables is properly populated with all the translations.


Is there a limitation with NAT with the specific 9K switch?

VIP Expert

You need to have interface configuration with the IP address ?

can you post full configuration, here is my findings


ip nat inside source static (this is 21 or typo) ?



*** Rate All Helpful Responses ***

Interface vlan 100 and interface vlan 200 are configured with L3 addresses - vlan 100 is inside and vlan 200 in outside.


This is to translate the source address of to as it leaves the inside interface towards the outside.

ok what is the outcome - (with out add-route)

ip nat outside source static


*** Rate All Helpful Responses ***

Without the add-route traffic doesn't make it to at all.

MHM Cisco World
Rising star

this is the NAT
what is the IP address of traffic you test 
IP Source 
IP Destination 


IP nat inside is first 
IP nat outside 

some other device support Twice NAT 
BUT to make both NAT work together please do
ip nat inside group 1
ip nat outside group 1

this make incoming traffic NAT using both command one time not use one and reject other.


I test ping from


My expected results on nxos as confirmed using an IOS switch is that source address is translated from to and the destination is translated from to

Need both nat work together using group keyword 

The group keyword isn't even an option in the context of ip nat inside or ip nat outside.

Content for Community-Ad