Placing NAT roles on interfaces: On which interface should you configure the command that designates the “inside” of a private network for Cisco NAT?

Introduction / Context:
Cisco NAT requires you to mark interfaces as either inside or outside. Correctly assigning these roles is essential so the router knows which direction to translate addresses and ports.

Given Data / Assumptions:

• Private hosts reside on the LAN-facing interface(s).
• The router translates those hosts to public or upstream-reachable addresses when they access external networks.
• Standard IOS NAT configuration model is used.

Concept / Approach:

The LAN-facing interface connected to the private IPv4 space must be marked with ip nat inside. Conversely, the interface toward the public or upstream network is marked with ip nat outside. Terms like “inside local/global” and “outside local/global” are address types, not interface commands.

Step-by-Step Solution:

Verification / Alternative check:

Use show ip nat statistics and show ip nat translations to confirm that traffic arriving on the inside interface is translated as expected.

Why Other Options Are Wrong:

ip nat outside (B) belongs on the WAN/upstream side.

ip outside global (C) and ip inside local (D) are conceptual address categories, not interface configuration commands.

Common Pitfalls:

Reversing inside/outside designations; forgetting to apply ACLs or route-maps that define interesting traffic; assuming address type names are CLI commands.

Final Answer:

ip nat inside