Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

NAT with route-maps


I would like to accomplish the following scenario:

Deny NAT from any local to local address.

Permit NAT from to any global address using the OG ip on Lo10.

Permit NAT from to any global address using the OG ip on Lo11.

Permit NAT from any local address to any global address using the OG ip on Eth0.

How am I going to accompish this?

PS. I described it as NAT but I actually mean PAT, so I would like to use overloading.

  • LAN Switching and Routing
New Member

Re: NAT with route-maps

ip nat inside list 101 interface loop0 overlload

ip nat inside list 102 interface loop1 overload

ip nat inside list 103 interface ether0 overload

access-list 101 deny local local

access-list 101 permite any

same with access-list 102

and same with access-list 103

i hope this helps.

Re: NAT with route-maps


access-list 100 permit ip any

access-list 101 permit ip any

accessaccess-list 102 permit ip any any


ip nat source list 100 interface Lo10 overload

ip nat source list 101 interface Lo11 overload

ip nat source list 102 interface Eth0 overload

apply the ip nat inside and ip nat outisde on the right places

good luck

if helpful Rate

New Member

Re: NAT with route-maps

Dear Marwanshawi,

your configuration doesnt comply with requirements. look access-list 100 permits everything from and this includes

that is why i added the deny statements in the access-list so that local networks can talk to each other without any problems. the deny statement in the network will stop translation for these networks.

i hope u understand what i am trying to say.


Re: NAT with route-maps

nice of u amit :)

New Member

Re: NAT with route-maps

Ok but does the router use best match to match the specific ACL? Because a packet from to any which should match ACL 100 also matches ACL 102.

This widget could not be displayed.