"ip nat inside source static network" with route-map

Jun 19th, 2008

How would you use "ip nat inside source static network" with a route-map? The specific situation is:


Inside LAN: 192.168.1.0/24


The inside LAN address should be NAT'd to 172.30.11.0/24 only if the traffic is going to 172.30.10.0/24.


I have tried the following with no luck:


ip access-list extended nat-acl
 permit ip 192.168.1.0 0.0.0.255 172.30.10.0 0.0.0.255

route-map nat-map permit 10
 match ip address nat-acl

ip nat inside source static network 192.168.1.0 172.30.11.0 /24 route-map nat-map


However, if the route-map is not specified in the "ip nat inside source static network", the translation works for all traffic.


On the other side, I was able to set this up with "ip nat pool" and route-map.


ip nat inside source list nat-acl route-map nat-map pool nat-pool
ip nat pool nat-pool 172.30.11.0 172.30.11.255 netmask 255.255.255.0 type match-host


Any advice is appreciated!


Thanks!

Jon Marshall Thu, 06/19/2008 - 13:00

Zhen


The way you have set it up is the correct way, although if you are not matching on something other than source and destination IP addresses you could just as easily have done


ip nat inside source list nat-acl pool nat-pool


i.e. you only need a route-map if you want to match on other things such as next-hop IP address, output interface, etc.


You would not use the static statement -


ip nat inside source static network 192.168.1.0 172.30.11.0 /24 route-map nat-map


because you are dynamically NATting source IP addresses, not statically mapping them.


Hope this makes sense.


Jon

zhenxu_zj Thu, 06/19/2008 - 19:11

Indeed, I do need a static one-to-one mapping so that an outside host (from 172.30.10.0/24) can access the internal host (182.168.1.0/24) via the NAT'd outside address (172.30.11.0/24).

Jon Marshall Fri, 06/20/2008 - 07:17

Zhen


Sorry I didn't explain it properly. Even though you want a one-to-one mapping, you are still dynamically allocating them as needed, i.e. until traffic passes through the router the NAT translation is not there, and after a period of inactivity the translation is removed.


Jon
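As an added illustration (not from the thread, and not Cisco IOS code), a small Python model of the behaviour Jon describes for the working configuration: the wildcard-mask ACL decides which inside traffic is translated, "type match-host" keeps the host part of the inside address when picking the 172.30.11.0/24 address, and an outside host can only reach the inside host while a translation entry already exists, which disappears again on timeout. The NatTable class and its method names are assumptions made for the model.

```python
import ipaddress
from typing import Dict, Optional

# Constructed from the thread's configuration: nat-acl and nat-pool.
NAT_ACL = [("192.168.1.0", "0.0.0.255", "172.30.10.0", "0.0.0.255")]  # permit entries
POOL = ipaddress.ip_network("172.30.11.0/24")  # type match-host pool


def _wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """IOS wildcard-mask semantics: bits set in the wildcard are 'don't care'."""
    a = int(ipaddress.ip_address(addr))
    b = int(ipaddress.ip_address(base))
    care = ~int(ipaddress.ip_address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def acl_permits(src: str, dst: str) -> bool:
    """True if some permit entry matches both source and destination."""
    return any(_wildcard_match(src, s, sw) and _wildcard_match(dst, d, dw)
               for s, sw, d, dw in NAT_ACL)


def match_host_translate(inside: str) -> str:
    """type match-host: keep the host bits, swap in the pool's network bits."""
    host_bits = int(ipaddress.ip_address(inside)) & int(POOL.hostmask)
    return str(ipaddress.ip_address(int(POOL.network_address) | host_bits))


class NatTable:
    """Dynamic translation table: entries appear only on inside-initiated traffic."""

    def __init__(self) -> None:
        self.entries: Dict[str, str] = {}  # inside local -> inside global

    def inside_to_outside(self, src: str, dst: str) -> str:
        """Inside-initiated packet: create/use a translation only if the ACL permits."""
        if not acl_permits(src, dst):
            return src  # sent untranslated
        self.entries.setdefault(src, match_host_translate(src))
        return self.entries[src]

    def outside_to_inside(self, dst_global: str) -> Optional[str]:
        """Outside-initiated packet: succeeds only if an entry already exists."""
        for local, glob in self.entries.items():
            if glob == dst_global:
                return local
        return None  # no translation yet (or it has timed out)

    def expire(self, src: str) -> None:
        """Model the inactivity timeout removing the entry."""
        self.entries.pop(src, None)
```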
