Dynamic NAT Troubleshooting Checklist

Here’s a Dynamic NAT Troubleshooting Checklist you can run through in the field:


1️⃣ Check Interface NAT Roles


Make sure the correct interfaces are marked as inside and outside.

show running-config | include ip nat

Common mistake: swapping inside/outside or missing the command entirely.


2️⃣ Verify the ACL Matches the Inside IPs


Check if the ACL used for NAT is correct and actually matches the traffic.


show access-lists

If your inside subnet is 192.168.10.0/24 but the ACL says 192.168.1.0/24, NAT won’t work.


3️⃣ Confirm the NAT Pool is Correct


Ensure public IPs in the pool are valid and have the correct subnet mask.



show running-config | section ip nat pool

Common error: Wrong mask → NAT fails to route traffic.


4️⃣ Check NAT Bindings


See if translations are being created when you generate traffic.



show ip nat translations

No entries? Check ACL and inside/outside assignment.


5️⃣ Test with a Known External Host


Ping a reachable public IP (e.g., 8.8.8.8) from an inside host.


If ping works but browsing doesn’t → possible DNS issue, not NAT.


6️⃣ Verify Routing


Inside networks must have a route to the NAT router, and the router must have a route to the internet.



show ip route

7️⃣ Check Overlapping NAT Rules


Another NAT or PAT config might be taking priority.


Remove or adjust conflicting NAT rules.
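
Steps 1 to 3 can also be checked offline against a saved copy of the running-config. The script below is an added example, not part of the original checklist; the sample config is constructed, and the function name check_dynamic_nat is hypothetical. It assumes a numbered standard ACL written as address plus wildcard mask, and a single "ip nat inside source list ... pool ..." rule.

```python
import ipaddress
import re

# Constructed sample running-config; the ACL has the wrong subnet from step 2.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address 192.168.10.1 255.255.255.0
 ip nat inside
interface GigabitEthernet0/1
 ip address 203.0.113.1 255.255.255.248
 ip nat outside
access-list 1 permit 192.168.1.0 0.0.0.255
ip nat pool PUBLIC 203.0.113.2 203.0.113.6 netmask 255.255.255.248
ip nat inside source list 1 pool PUBLIC
"""

def check_dynamic_nat(config):
    """Return a list of findings for checklist steps 1-3 (empty list = clean)."""
    findings = []
    roles = {"inside": [], "outside": []}
    # Step 1: collect each interface's subnet together with its NAT role.
    for block in re.split(r"(?m)^(?=interface )", config):
        addr = re.search(r"^ ip address (\S+) (\S+)", block, re.M)
        role = re.search(r"^ ip nat (inside|outside)\s*$", block, re.M)
        if addr and role:
            net = ipaddress.ip_network(f"{addr[1]}/{addr[2]}", strict=False)
            roles[role[1]].append(net)
    for side in roles:
        if not roles[side]:
            findings.append(f"no interface marked ip nat {side}")
    rule = re.search(r"^ip nat inside source list (\S+) pool (\S+)", config, re.M)
    if not rule:
        return findings + ["no dynamic NAT rule (ip nat inside source list)"]
    acl_id, pool_name = rule[1], rule[2]
    # Step 2: ACL entries use wildcard masks, which ipaddress reads as hostmasks.
    acl_re = rf"^access-list {re.escape(acl_id)} permit (\S+) (\S+)"
    permits = [ipaddress.ip_network(f"{m[1]}/{m[2]}", strict=False)
               for m in re.finditer(acl_re, config, re.M)]
    for net in roles["inside"]:
        if not any(net.subnet_of(p) for p in permits):
            findings.append(f"ACL {acl_id} does not permit inside subnet {net}")
    # Step 3: the pool's end address must fall in the subnet its netmask implies.
    pool_re = rf"^ip nat pool {re.escape(pool_name)} (\S+) (\S+) netmask (\S+)"
    pool = re.search(pool_re, config, re.M)
    if not pool:
        findings.append(f"NAT pool {pool_name} is not defined")
    else:
        net = ipaddress.ip_network(f"{pool[1]}/{pool[3]}", strict=False)
        if ipaddress.ip_address(pool[2]) not in net:
            findings.append(f"pool {pool_name} end {pool[2]} is outside {net}")
    return findings
```

Run on SAMPLE_CONFIG, it reports the ACL mismatch described in step 2; correcting the ACL to 192.168.10.0 0.0.0.255 clears the finding.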

