static nat with route-map condition issues


Came upon this a few times recently, wondering if anyone has faced this before…

Has anyone noticed that if you make a static NAT rule with a route-map exemption, it works on certain routers and IOS versions but not on others? Take this config, for instance:

ip nat pool verizon netmask

ip nat inside source route-map nat pool verizon overload

ip nat inside source static route-map servers-nat extendable

route-map nat

match ip address 101

route-map servers-nat

match ip address 102

access-list 101 deny

access-list 101 permit any

access-list 102 deny

access-list 102 permit host any

What is happening is the SERVER at is matching the pool and being natted to the pool address instead of its static NAT IP. If I remove the "route-map servers-nat extendable" argument at the end of the static nat, of course it works...

I have the latest IOS on all the routers I'm doing this with...

Any suggestions?




Giuseppe Larosa Sat, 04/25/2009 - 01:22

Hello Joe,

What if you write ACL 101 as:

access-list 101 deny ip

access-list 101 deny ip host any

access-list 101 permit ip any

In this way host is explicitly denied in ACL 101 and shouldn't be natted by the pool.

Hope to help
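Added example, not part of either post and not Cisco code: a small first-match ACL evaluator showing why the server's traffic is permitted by ACL 101 (and so matches route-map nat for the pool rule) as first written, and is excluded once the explicit host deny is placed ahead of the permit. All addresses and the shape of the first deny line are constructed assumptions, since the thread's own addresses are not shown.

```python
import ipaddress

def _spec(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse_ace(line):
    """Parse '<permit|deny> ip <source> <destination>' (the text after 'access-list 101')."""
    tokens = line.split()
    action, rest = tokens[0], tokens[2:]
    return action, _spec(rest), _spec(rest)

def _hit(addr, spec):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF  # wildcard bits set to 1 are "don't care"
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def acl_permits(aces, src, dst):
    """First matching entry decides; falling off the end is the implicit deny."""
    for action, s, d in map(parse_ace, aces):
        if _hit(src, s) and _hit(dst, d):
            return action == "permit"
    return False

# Constructed addresses (the thread's own are not shown): inside LAN 10.1.1.0/24,
# server 10.1.1.10, exempted remote network 10.2.0.0/16, Internet host 203.0.113.5.
ACL_101_ORIGINAL = [
    "deny ip 10.1.1.0 0.0.0.255 10.2.0.0 0.0.255.255",
    "permit ip 10.1.1.0 0.0.0.255 any",
]
ACL_101_SUGGESTED = [
    "deny ip 10.1.1.0 0.0.0.255 10.2.0.0 0.0.255.255",
    "deny ip host 10.1.1.10 any",   # explicit server exclusion, ahead of the permit
    "permit ip 10.1.1.0 0.0.0.255 any",
]

if __name__ == "__main__":
    for name, acl in (("original", ACL_101_ORIGINAL), ("suggested", ACL_101_SUGGESTED)):
        for src in ("10.1.1.10", "10.1.1.20"):
            print(name, src, "pool-eligible:", acl_permits(acl, src, "203.0.113.5"))
```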


