Cisco "show ip nat translations" Command Explained
show ip nat translations — shows the NAT table — which inside addresses are currently translated to which outside addresses (and ports, for PAT). Runs in privileged EXEC mode.
Syntax and common variants
| Variant | Purpose |
|---|---|
show ip nat translations | The live translation table |
show ip nat statistics | Totals, hit/miss, interface roles |
clear ip nat translation * | Flush dynamic translations |
Reading the output
| Output / element | Meaning |
|---|---|
Inside local | Private IP:port of the internal host |
Inside global | The public IP:port it appears as |
Outside global | The real destination out on the internet |
tcp/udp/icmp rows | One entry per active session (PAT) |
When to use it
Proof NAT is working: browse from an inside PC, and its entry should appear here. Empty table with failing internet = check ip nat inside/outside placement and the ACL; statistics' interface lists catch the classic "marked the wrong interface" mistake. Browse more in the command reference or practise in the free labs.
Frequently asked questions
What is the difference between inside local and inside global?
Inside local is the host's private address; inside global is the translated public identity it uses outward.
The table stays empty — why?
Interfaces may lack ip nat inside/outside marking, the source ACL may not match your subnet, or traffic isn't actually routing out — check show ip nat statistics first.
Is clearing translations disruptive?
It drops current sessions' mappings; active connections typically re-establish, but do it thoughtfully in production.
Related articles
Want hands-on training?
Learn this on real Cisco lab devices with placement support at Attila Technologies, Ahmedabad.