According to techniques of this disclosure, network management system 10 may discover, add and configure network devices 14 behind NAT device 16. For example, an administrator 12 may model one of network devices 14A-14G on network management system 10 as a seed network device, network device 14A, for example. In other words, network management system 10 may receive the model of seed network device 14A from administrator 12. The model of seed network device 14A may contain information relating to how seed network device 14A may be configured, the capabilities of seed network device 14A, etc. In response to receiving the model of seed network device 14A, network management system 10 may generate a first activation configuration. The administrator 12 may manually commit, for example via links 11 and 17, the first activation configuration on seed network device 14A. Alternatively, network management system 10 may commit the first activation configuration on the seed network device, for example, through the use of a script. In response to the first activation configuration being committed on seed network device 14A, seed network device 14A may request a first connection to network management system 10, for example through an outbound secure shell (ssh) connection, over links 17 and 11 and a first connection may be established between network management system 10 and seed network device 14A. While not showing the path through links 17 and 11, the first connection is also represented by connection 1. In some examples network management system 10 may establish the first connection. In other examples, the seed network device 14A may establish the first connection. In some examples, the first connection between the network management system 10 and seed network device 14A may be an ssh connection.