NAT or PBR !

Oct 20th, 2009

Hi all. Kindly guide me in this since I don't know why it's happening.

I have 3 routers connected via serial interfaces like this


R1 IP =

R2 IP(for R1) =

R2 IP(for R3) =

R3 IP =

Now R2 is connected to R1 on Se0/0

to R3 on Se0/1

I have configured se0/1 ip nat inside

se0/0 ip nat outside

and then

ip nat inside source static

Now when R1 sends a packet destined to R2 doesn't reply but performs translation first! and sends the packet out to R3. This is I have tested and it's working 100% what I described. My confusion is why is this so? A packet destined to router itself, why is it being translated first?

In order to check further I applied a PBR, whose purpose is, if any packet from comes for just send it to R3 ( I have applied the policy as local and interface PBR but it's not working!!!

Can someone explain this behaviour to me?

thotsaphon Wed, 10/21/2009 - 00:37


Hi, how are you doing?

Regarding your question: well, it works as expected.

Router will do a static NAT (outside-to-inside) first before doing a routing process for Outside-to-Inside (NAT).

For PBR, if the NAT statement still exists, packet won't be matched with your PBR because the packets get translated before being sent to PBR process. The destination will be translated to what you've defined on the NAT statement.



illusion_rox Wed, 10/21/2009 - 00:54

Dear Toshi, thanks for the feedback. Sorry, I forgot to mention I was testing them separately. When I configured PBR, I removed NAT configuration.

Kindly guide me now

thotsaphon Wed, 10/21/2009 - 01:14


Does R3 have a route for 11.0.0.x network pointed back to R2? If not, it won't work anyway. The destination IP address is On R3 point of view, it will see a destination IP address as After that dropping it because it has no idea about this prefix.



illusion_rox Wed, 10/21/2009 - 02:06

Dear Sir, currently I am troubled with R2 point of view. Pls consider all other factors in place i.e. reverse route and all.

Can you kindly help me why PBR is not working and NAT is !!!

Kindly guide me

thotsaphon Wed, 10/21/2009 - 04:07


Sorry guys, I missed reading the whole question. You were trying to create a packet with Src: and Dst: You also want R2 to do PBR to forward the packet to R3. R2 point of view, PBR won't work in this case because the destination you have configured on the ACL is the IP address of the router. I mean, all of the IP addresses assigned to the router will fall in this case. If you really want to accomplish this task, you must use a local policy to redirect the packet to R3. However, it's a return packet that is originated by the router. That's Src: and Dst: You now can use ip local policy route-map to forward this packet to next-hop of R3.



