"ip nat inside source static network" with route-map

Unanswered Question
Jun 19th, 2008

How would you use "ip nat inside source static network" with a route-map? The specific situation is:

Inside LAN: 192.168.1.0/24

The inside LAN address should be NAT'd to 172.30.11.0/24 only if the traffic is going to 172.30.10.0/24.

I have tried the following with no luck:

ip access-list extended nat-acl
 permit ip 192.168.1.0 0.0.0.255 172.30.10.0 0.0.0.255

route-map nat-map permit 10
 match ip address nat-acl

ip nat inside source static network 192.168.1.0 172.30.11.0 /24 route-map nat-map

However, if the route-map is not specified in the "ip nat inside source static network", the translation works for all traffic.

On the other side, I was able to set this up with "ip nat pool" and route-map.

ip nat inside source list nat-acl route-map nat-map pool nat-pool

ip nat pool nat-pool 172.30.11.0 172.30.11.255 netmask 255.255.255.0 type match-host

Any advice is appreciated!

Thanks!

Jon Marshall Thu, 06/19/2008 - 13:00

Zhen

The way you have set it up is the correct way although if you are not matching on something other than source & destination IP addresses you could just as easily have done

ip nat inside source list nat-acl pool nat-pool

i.e. you only need a route-map if you want to match on other things such as next-hop IP address/output interface etc.

You would not use the static statement -

ip nat inside source static network 192.168.1.0 172.30.11.0 /24 route-map nat-map

because you are dynamically Natting source IP addresses not statically mapping them.

Hope this makes sense.

Jon

zhenxu_zj Thu, 06/19/2008 - 19:11

Indeed, I do need static one-to-one mapping so that outside host (from 172.30.10.0/24) can access the internal host (182.168.1.0/24) via the nat'd outside address (172.30.11.0/24).

Jon Marshall Fri, 06/20/2008 - 07:17

Zhen

Sorry, I didn't explain it properly. Even though you want a one-to-one mapping, you are still dynamically allocating them as needed, i.e. until traffic passes through the router the NAT translation is not there, and after a period of inactivity the translation is removed.

Jon
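
Added example, not part of any post in this thread: a small Python model of the behaviour discussed above, where the pool with "type match-host" keeps the host bits but a translation exists only after matching outbound traffic and disappears after inactivity. The class name, function names and the timeout value are assumptions made for the illustration, not IOS internals or defaults.

```python
import ipaddress

INSIDE = ipaddress.ip_network("192.168.1.0/24")   # inside LAN from the question
MAPPED = ipaddress.ip_network("172.30.11.0/24")   # NAT'd range from the question
REMOTE = ipaddress.ip_network("172.30.10.0/24")   # destination that triggers NAT
IDLE_TIMEOUT = 300  # seconds; constructed value for the model, not an IOS default


def map_host(addr, src_net, dst_net):
    """Swap the network prefix and keep the host bits (one-to-one mapping)."""
    offset = int(ipaddress.ip_address(addr)) - int(src_net.network_address)
    return str(dst_net.network_address + offset)


class MatchHostNat:
    """Toy model of the pool + ACL setup: entries exist only after outbound traffic."""

    def __init__(self):
        self.table = {}  # mapped address -> (inside address, last-used time)

    def outbound(self, src, dst, now):
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if s not in INSIDE or d not in REMOTE:
            return src  # nat-acl does not match: forwarded untranslated
        mapped = map_host(src, INSIDE, MAPPED)
        self.table[mapped] = (src, now)  # create or refresh the entry
        return mapped

    def inbound(self, dst, now):
        entry = self.table.get(dst)
        if entry is None or now - entry[1] > IDLE_TIMEOUT:
            self.table.pop(dst, None)  # never created, or aged out
            return None  # no translation: the inside host cannot be reached
        self.table[dst] = (entry[0], now)
        return entry[0]


if __name__ == "__main__":
    nat = MatchHostNat()
    print(nat.inbound("172.30.11.25", now=0))                    # before any outbound traffic
    print(nat.outbound("192.168.1.25", "172.30.10.5", now=10))   # creates the entry
    print(nat.inbound("172.30.11.25", now=20))                   # now reachable
    print(nat.inbound("172.30.11.25", now=400))                  # aged out again
```

In this model, an outside host in 172.30.10.0/24 can open a connection to 172.30.11.x only while an entry is live, which is the gap between the dynamic setup and the always-present static mapping asked for in the question.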
