IP NAT/route-map Experts, what does this mean to you...

dmorassut-sbi · ‎02-20-2007

I'm having troubles following this logic; what does this ip nat and route-map combo actually do?

ip nat inside source route-map nonat interface Vlan20 overload

!

access-list 140 deny ip any any

!

route-map nonat permit 10

match ip address 140

Thanks for your help.

Dennis

Jon Marshall · ‎02-20-2007

Hi Dennis

As far as i can tell it's not really doing anything.

The nat statement says to NAT everything to the Vlan 20's ip address only if it is permitted in the route-map. But the route-map only has a deny ip any any statement in it so all packets will not get natted as far as i can see.

HTH

Jon

dmorassut-sbi · ‎02-20-2007

Thanks Jon. That's what I'm begining to think as well. Also based on this info...

sh access-lists

Extended IP access list 140

10 deny ip any any (3858277 matches)

PHX-CHA-2801#sh route-map all

STATIC routemaps

route-map nonat, permit, sequence 10

Match clauses:

ip address (access-lists): 140

Set clauses:

Policy routing matches: 0 packets, 0 bytes

PHX-CHA-2801#sh ip nat stat

Total active translations: 0 (0 static, 0 dynamic; 0 extended)

Outside interfaces:

Virtual-Access1, Dialer1

Inside interfaces:

Vlan10, Vlan20

Hits: 0 Misses: 0

CEF Translated packets: 0, CEF Punted packets: 0

Expired translations: 0

Dynamic mappings:

-- Inside Source

[Id: 1] route-map nonat interface Vlan20 refcount 0

Queued Packets: 0

I found that config in a router and was having a challenge understanding what was being done.

Dennis.