Static NAT with route-map and NAT overload conflict

Unanswered Question
Oct 27th, 2011

I'm using a route-map with a static NAT so the static NAT will be used only when the computer and a specific destination subnet try to communicate in both directions. The problem is that when the computer initiates communication with the destination subnet, the NAT overload is used. When the destination subnet initiates communication with the computer, the static NAT is used. I want the static NAT used in both directions. Here is the relevant part of the config:

ip nat pool VPNSomerset_NAT-pool 172.18.189.254 172.18.189.254 netmask 255.255.255.0
ip nat inside source route-map VPNSomerset_NAT pool VPNSomerset_NAT-pool overload
ip nat inside source static 10.20.130.210 172.18.189.247 route-map all_10-18

ip access-list extended VPNSomerset_NAT-ACL
 permit ip 10.20.20.0 0.0.0.255 10.18.0.0 0.0.0.255
 permit ip 10.20.20.0 0.0.0.255 10.61.0.0 0.0.255.255
 permit ip 10.20.40.0 0.0.0.255 10.18.0.0 0.0.0.255
 permit ip 10.20.110.0 0.0.0.255 10.18.0.0 0.0.0.255
 permit ip 10.20.120.0 0.0.0.255 10.18.0.0 0.0.0.255
 permit ip 10.20.130.0 0.0.0.255 10.18.0.0 0.0.0.255
 permit ip 10.20.30.0 0.0.0.255 10.18.0.0 0.0.0.255
 permit ip 10.20.50.0 0.0.0.255 10.18.0.0 0.0.0.255

ip access-list extended all_10-18_NAT-ACL
 permit ip any 10.18.0.0 0.0.0.255

route-map all_10-18 permit 10
 match ip address all_10-18_NAT-ACL

route-map VPNSomerset_NAT permit 10
 match ip address VPNSomerset_NAT-ACL

Edison Ortiz Thu, 10/27/2011 - 08:56

Modify your ACL as follows:

ip access-list extended VPNSomerset_NAT-ACL
 deny ip host 10.20.130.210 10.18.0.0 0.0.0.255
 permit ip 10.20.20.0 0.0.0.255 10.18.0.0 0.0.0.255
 permit ip 10.20.20.0 0.0.0.255 10.61.0.0 0.0.255.255
 permit ip 10.20.40.0 0.0.0.255 10.18.0.0 0.0.0.255
 permit ip 10.20.110.0 0.0.0.255 10.18.0.0 0.0.0.255
 permit ip 10.20.120.0 0.0.0.255 10.18.0.0 0.0.0.255
 permit ip 10.20.130.0 0.0.0.255 10.18.0.0 0.0.0.255
 permit ip 10.20.30.0 0.0.0.255 10.18.0.0 0.0.0.255
 permit ip 10.20.50.0 0.0.0.255 10.18.0.0 0.0.0.255
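
The overlap that the deny entry above removes, shown as an added example that is not part of the original posts: a small first-match evaluator for the two route-map ACLs, run against traffic from 10.20.130.210. The function names and the destination host 10.18.0.25 are constructed for the illustration.

```python
from ipaddress import IPv4Address as IP

def spec(tok):
    # Consume one address spec: "any", "host A" or "A WILDCARD" -> ((addr, wildcard), rest)
    if tok[0] == "any":
        return (0, 0xFFFFFFFF), tok[1:]
    if tok[0] == "host":
        return (int(IP(tok[1])), 0), tok[2:]
    return (int(IP(tok[0])), int(IP(tok[1]))), tok[2:]

def parse_acl(text):
    # Entries stay in configured order; only "permit|deny ip SRC DST" lines are handled
    entries = []
    for line in text.strip().splitlines():
        action, _proto, *rest = line.split()
        src, rest = spec(rest)
        dst, _ = spec(rest)
        entries.append((action, src, dst))
    return entries

def hit(addr, s):
    return ((addr ^ s[0]) & ~s[1] & 0xFFFFFFFF) == 0  # wildcard 1-bits are "don't care"

def acl_permits(entries, src, dst):
    # First matching entry decides; no match falls through to the implicit deny
    for action, s, d in entries:
        if hit(int(IP(src)), s) and hit(int(IP(dst)), d):
            return action == "permit"
    return False

# ACL entries copied from the thread
OVERLOAD_ACL = """permit ip 10.20.20.0 0.0.0.255 10.18.0.0 0.0.0.255
permit ip 10.20.20.0 0.0.0.255 10.61.0.0 0.0.255.255
permit ip 10.20.40.0 0.0.0.255 10.18.0.0 0.0.0.255
permit ip 10.20.110.0 0.0.0.255 10.18.0.0 0.0.0.255
permit ip 10.20.120.0 0.0.0.255 10.18.0.0 0.0.0.255
permit ip 10.20.130.0 0.0.0.255 10.18.0.0 0.0.0.255
permit ip 10.20.30.0 0.0.0.255 10.18.0.0 0.0.0.255
permit ip 10.20.50.0 0.0.0.255 10.18.0.0 0.0.0.255"""
STATIC_ACL = "permit ip any 10.18.0.0 0.0.0.255"
FIXED_ACL = "deny ip host 10.20.130.210 10.18.0.0 0.0.0.255\n" + OVERLOAD_ACL

def matches(src, dst, overload_acl):
    # (static route-map ACL permits?, overload route-map ACL permits?)
    s, o = parse_acl(STATIC_ACL), parse_acl(overload_acl)
    return acl_permits(s, src, dst), acl_permits(o, src, dst)

# 10.18.0.25 is a constructed sample destination
for name, acl in (("original", OVERLOAD_ACL), ("with deny", FIXED_ACL)):
    print(name, matches("10.20.130.210", "10.18.0.25", acl))
```

With the original ACL the host's traffic to 10.18.0.0/24 is permitted by both route-maps; with the deny entry first, only the static NAT's route-map still matches it, while other hosts in 10.20.130.0/24 remain eligible for the overload.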

jasonww04 Fri, 11/04/2011 - 07:52

So the overload NAT will take precedence over any static NAT? Is there anything I can do to change that precedence?

jasonww04 Mon, 01/09/2012 - 10:53

I fixed it by using a route-map at the end of a static NAT statement.

Please mark this post as answered.

Posted October 27, 2011 at 8:37 AM