07-22-2010 11:53 AM - edited 03-04-2019 09:09 AM
I am trying to configure a policy-based static NAT using route-maps on my ASR-1002 (Version 12.2(33)XNE) and I'm having a problem doing so.
I am finding that traffic flowing inside to outside is NATing properly, but connections initiated outside to inside are not getting NAT'd. Looking at the translation table, no static entries exist for this configuration, but dynamic ones get created for the inside-to-outside flows.
The relevant parts of my config are shown below:
ip access-list extended NEOD-ROUTE-MAP-ACL
 permit ip 10.10.70.0 0.0.0.255 138.218.232.128 0.0.0.63
 permit ip 10.10.70.0 0.0.0.255 138.218.232.192 0.0.0.63
route-map NEOD-ROUTE-MAP permit 10
 match ip address NEOD-ROUTE-MAP-ACL
ip nat inside source static 10.10.70.42 138.218.235.100 route-map NEOD-ROUTE-MAP
ip nat inside source static 10.10.70.20 138.218.235.101 route-map NEOD-ROUTE-MAP
ip nat inside source static 10.10.70.21 138.218.235.102 route-map NEOD-ROUTE-MAP
ip nat inside source static 10.10.70.36 138.218.235.103 route-map NEOD-ROUTE-MAP
ip nat inside source static 10.10.70.51 138.218.235.104 route-map NEOD-ROUTE-MAP
interface GigabitEthernet0/0/1
 description INTERNAL NETWORK
 ip address 10.10.223.5 255.255.255.0
 ip access-group WAN-TO-LAN out
 ip nat inside
 ip virtual-reassembly
 negotiation auto
 cdp enable
end
interface GigabitEthernet0/0/3
 description NEOD
 ip address 138.218.251.66 255.255.255.248
 ip nat outside
 ip virtual-reassembly
 no negotiation auto
 crypto map NEOD-MAP
end
07-29-2010 04:03 PM
Try this and you will find your way:
ip nat inside source static tcp 10.10.70.42 8080 138.218.235.100 80
What it will do is that any packet coming in at the public IP on port 80 will be redirected to the private IP on port 8080.
Let me know if this helps.
Regards,
Syed
07-29-2010 07:56 PM
I think your issue is because of the following:
When you use a route-map with NAT, an extendable entry will be created by default, which prevents outside connections from being initiated to the inside,
because there will be no one-to-one mapping in the translation table.
Using reversible NAT will make a one-to-one entry. With reversible NATing, use the command below at the end of your NAT commands:
ip nat inside source static 10.10.70.42 138.218.235.100 route-map NEOD-ROUTE-MAP reversible
Good luck.
If helpful, rate.
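As an added example (not part of the thread or any poster's code): a small Python audit that parses a configuration like the one in the question, resolves each route-map-scoped static NAT entry to the destination prefixes its ACL permits, and reports whether the `reversible` keyword from the reply above is present. The function names and the embedded sample are constructed for illustration; only the `addr wildcard` ACL form is handled.

```python
import ipaddress
import re

# Constructed sample: NAT-relevant lines taken from the configuration in the question.
SAMPLE_CONFIG = """\
ip access-list extended NEOD-ROUTE-MAP-ACL
 permit ip 10.10.70.0 0.0.0.255 138.218.232.128 0.0.0.63
 permit ip 10.10.70.0 0.0.0.255 138.218.232.192 0.0.0.63
route-map NEOD-ROUTE-MAP permit 10
 match ip address NEOD-ROUTE-MAP-ACL
ip nat inside source static 10.10.70.42 138.218.235.100 route-map NEOD-ROUTE-MAP
ip nat inside source static 10.10.70.20 138.218.235.101 route-map NEOD-ROUTE-MAP
"""

NAT_RE = re.compile(r"ip nat inside source static (\S+) (\S+) route-map (\S+)(.*)")
# Only the "addr wildcard addr wildcard" form is handled, not "any" or "host x".
PERMIT_RE = re.compile(r"permit ip (\S+) (\S+) (\S+) (\S+)")


def wildcard_net(addr, wildcard):
    """Turn an address and IOS wildcard mask into a network (0.0.0.0 means /32)."""
    mask = ipaddress.IPv4Address(int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)


def audit_policy_static_nat(config):
    """Return one finding per static NAT statement that is scoped by a route-map."""
    acl_dests, rmap_acls, findings = {}, {}, []
    acl = rmap = None
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    for ln in lines:  # pass 1: collect ACL destinations and route-map matches
        if ln.startswith("ip access-list extended "):
            acl, rmap = ln.split()[-1], None
        elif ln.startswith("route-map "):
            rmap, acl = ln.split()[1], None
        elif acl and (m := PERMIT_RE.fullmatch(ln)):
            acl_dests.setdefault(acl, []).append(wildcard_net(m[3], m[4]))
        elif rmap and ln.startswith("match ip address "):
            rmap_acls.setdefault(rmap, []).extend(ln.split()[3:])
    for ln in lines:  # pass 2: resolve each static NAT entry to its peer prefixes
        if m := NAT_RE.fullmatch(ln):
            peers = [str(n) for a in rmap_acls.get(m[3], []) for n in acl_dests.get(a, [])]
            findings.append({"local": m[1], "global": m[2], "route_map": m[3],
                             "peers": peers, "reversible": "reversible" in m[4].split()})
    return findings


if __name__ == "__main__":
    for f in audit_policy_static_nat(SAMPLE_CONFIG):
        note = "" if f["reversible"] else "  <- no 'reversible': verify outside-initiated flows"
        print(f'{f["local"]} -> {f["global"]} toward {", ".join(f["peers"])}{note}')
```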
08-12-2010 09:15 AM
Thanks for your replies. It does not appear that "reversible" is an available option in my IOS version on this ASR. Not sure if there even is a version that supports this.
Anyone have any other ideas?
Thanks in advance.
John
08-12-2010 10:15 AM
John,
Please check bug CSCth55652. This feature is not supported on ASR as of now. Most likely it will be supported in the next CCO release for ASR. This bug tracks the feature request for the same. Route-map on static NAT doesn't work the same on ASR as it does on other router platforms, e.g. 3800 or 7200.
08-12-2010 10:43 AM
Thank you thank you thank you!
John
01-24-2014 07:40 AM
Hi,
According to Cisco, you can find more info in the Bug Toolkit:
https://tools.cisco.com/bugsearch/bug/CSCth55652
Anyway, upgrading the ASR to release 15.0(1)S / 15.1(1)S and above should resolve your issues. We've had the same issue and we are aiming for Release 3.7.4S ED, as this seems to be stable enough and should be able to resolve this issue.