"ip nat inside source static network" with route-map

Unanswered Question
Jun 19th, 2008

How would you use "ip nat inside source static network" with an route-map? The specific situation is:

Inside LAN:

The inside LAN address should be NAT'd to only if the traffic is going to

I have tried the following with no luck:

ip access-list extended nat-acl

permit ip

route-map nat-map permit 10

match ip addres nat-acl

ip nat inside source static network /24 route-map nat-map

However, if the route-map is not specified in the "ip nat inside source static network", the translation works for all traffic.

On the other side, I was able to set this up with "ip nat pool" and route-map.

ip nat inside source list nat-acl route-map nat-map pool nat-pool

ip nat pool nat-pool netmask type match-host

Any advice is appreciated!


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Thu, 06/19/2008 - 13:00


The way you have set it up is the correct way although if you are not matching on something other than source & destination IP addresses you could just as easily have done

ip nat inside source list nat-acl pool nat-pool

ie. you only need a route-map if you want to match on other things such as next-hop ip address/output interface etc.

You would not use the static statement -

ip nat inside source static network /24 route-map nat-map

because you are dynamically Natting source IP addresses not statically mapping them.

Hope this makes sense.


zhenxu_zj Thu, 06/19/2008 - 19:11

Indeed, I do need static one-to-one mapping so that outside host (from can access the internal host ( via the nat'd outside address (

Jon Marshall Fri, 06/20/2008 - 07:17


Sorry i didn't explain it properly. Even though you want a one to one mapping you are still dynamically allocating them as needed ie. until traffic passes through the router the NAT translation is not there and after a period of inactivity the translation is removed.



This Discussion