diff --git a/libnetwork/drivers/windows/labels.go b/libnetwork/drivers/windows/labels.go
index ead3ee6ddc..a4b23c1a22 100644
--- a/libnetwork/drivers/windows/labels.go
+++ b/libnetwork/drivers/windows/labels.go
@@ -42,4 +42,10 @@ const (
 
 	// DisableGatewayDNS label
 	DisableGatewayDNS = "com.docker.network.windowsshim.disable_gatewaydns"
+
+	// EnableOutboundNat label
+	EnableOutboundNat = "com.docker.network.windowsshim.enable_outboundnat"
+
+	// OutboundNatExceptions label
+	OutboundNatExceptions = "com.docker.network.windowsshim.outboundnat_exceptions"
 )
diff --git a/libnetwork/drivers/windows/windows.go b/libnetwork/drivers/windows/windows.go
index 964099cc36..eabf590a9d 100644
--- a/libnetwork/drivers/windows/windows.go
+++ b/libnetwork/drivers/windows/windows.go
@@ -20,6 +20,7 @@ import (
 	"sync"
 
 	"github.com/Microsoft/hcsshim"
+	"github.com/docker/docker/pkg/system"
 	"github.com/docker/libnetwork/datastore"
 	"github.com/docker/libnetwork/discoverapi"
 	"github.com/docker/libnetwork/driverapi"
@@ -30,21 +31,23 @@ import (
 
 // networkConfiguration for network specific configuration
 type networkConfiguration struct {
-	ID                 string
-	Type               string
-	Name               string
-	HnsID              string
-	RDID               string
-	VLAN               uint
-	VSID               uint
-	DNSServers         string
-	MacPools           []hcsshim.MacPool
-	DNSSuffix          string
-	SourceMac          string
-	NetworkAdapterName string
-	dbIndex            uint64
-	dbExists           bool
-	DisableGatewayDNS  bool
+	ID                    string
+	Type                  string
+	Name                  string
+	HnsID                 string
+	RDID                  string
+	VLAN                  uint
+	VSID                  uint
+	DNSServers            string
+	MacPools              []hcsshim.MacPool
+	DNSSuffix             string
+	SourceMac             string
+	NetworkAdapterName    string
+	dbIndex               uint64
+	dbExists              bool
+	DisableGatewayDNS     bool
+	EnableOutboundNat     bool
+	OutboundNatExceptions []string
 }
 
 // endpointConfiguration represents the user specified configuration for the sandbox endpoint
@@ -208,6 +211,18 @@ func (d *driver) parseNetworkOptions(id string, genericOptions map[string]string
 				return nil, err
 			}
 			config.VSID = uint(vsid)
+		case EnableOutboundNat:
+			if system.GetOSVersion().Build <= 16236 {
+				return nil, fmt.Errorf("Invalid network option. OutboundNat is not supported on this OS version")
+			}
+			b, err := strconv.ParseBool(value)
+			if err != nil {
+				return nil, err
+			}
+			config.EnableOutboundNat = b
+		case OutboundNatExceptions:
+			s := strings.Split(value, ",")
+			config.OutboundNatExceptions = s
 		}
 	}
 
@@ -609,6 +624,19 @@ func (d *driver) CreateEndpoint(nid, eid string, ifInfo driverapi.InterfaceInfo,
 
 	endpointStruct.DisableICC = epOption.DisableICC
 
+	// Inherit OutboundNat policy from the network
+	if n.config.EnableOutboundNat {
+		outboundNatPolicy, err := json.Marshal(hcsshim.OutboundNatPolicy{
+			Policy:     hcsshim.Policy{Type: hcsshim.OutboundNat},
+			Exceptions: n.config.OutboundNatExceptions,
+		})
+
+		if err != nil {
+			return err
+		}
+		endpointStruct.Policies = append(endpointStruct.Policies, outboundNatPolicy)
+	}
+
 	configurationb, err := json.Marshal(endpointStruct)
 	if err != nil {
 		return err