static NAT with route map to exclude VPN

Answered Question
Dec 10th, 2009

We are having problems accessing some static NATted IPs over a VPN.  After doing some research, we learned you need to exclude traffic destined for the VPN from the static NAT using a route-map. So we did this:

10.1.1.x is the VPN IP pool.

access-list 130 deny   ip
access-list 130 permit ip any

route-map nonat permit 10
match ip address 130

ip nat inside source static route-map nonat

The above worked to fix the VPN issue but the IP is no longer available publicly via  What seems to happen is that the static NAT is not really working and this IP is being NATted with the PAT IP.

Any ideas on how to get this to work?


I have this problem too.
0 votes
Correct Answer by Laurent Aubert about 6 years 10 months ago


The following example details exactly your case:

Try replacing the subnet by the host address.

It should work



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)


This Discussion