Cisco IOS NAT Route Maps

Hello,

I am having some trouble using route-maps for NAT, I have simplified it as much as possible and I am still unable to get traffic to match.

Using an ACL with the following configuration works fine:

ip nat pool pool-web01 150.100.1.1 150.100.1.1 netmask 255.255.255.248
ip nat inside source list acl-web01-out pool pool-web01 overload
!
ip access-list extended acl-web01-out
 permit ip host 172.16.1.1 any

However, using the same ACL in a route-map fails:

ip nat pool pool-web01 150.100.1.1 150.100.1.1 netmask 255.255.255.248
ip nat inside source route-map rm-web01-out pool pool-web01 overload
!
ip access-list extended acl-web01-out
 permit ip host 172.16.1.1 any
!
route-map rm-web01-out permit 10
 match ip address acl-web01-out

Can anyone explain what the issue is here?

Thanks.

6 REPLIES

Cisco IOS NAT Route Maps

Try numbered ACL, I've had issues with NAT route-maps and named ACLs.

Re: Cisco IOS NAT Route Maps

I have a continuous ping going, still no matches with a numbered ACL in the route-map.

router#show route-map rm-web01-out
route-map rm-web01-out, permit, sequence 10
  Match clauses:
    ip address (access-lists): 177
  Set clauses:
  Policy routing matches: 0 packets, 0 bytes

or on the ACL

router#show route-map rm-web01-out
Extended IP access list 177
    10 permit ip host 172.16.1.1 any

Cisco IOS NAT Route Maps

I don't think you'll see matches in route maps and ACLs. There are a bunch of various situations in IOS where ACL and ROUTE MAP matches will not be tracked.

Re: Cisco IOS NAT Route Maps

Don't you need a set statement after the match address?

Sent from Cisco Technical Support iPad App

Cisco IOS NAT Route Maps

Steven,

Most probably you are hitting an IOS bug, because configuration-wise there is no problem in your config.

It does happen sometimes that the same NAT statement does not work with a Standard ACL whereas it will work fine with an Extended ACL, or it will not work with a Route-map but will work fine with an ACL.

Any specific reason you want to use a Route-map in NAT overload?

If this is a major requirement, then check to see if you can go for an IOS upgrade on the router.

Hope it helps

Neeraj

Cisco IOS NAT Route Maps

Neeraj,

I have considered that it could be an IOS bug; however, I am running the latest 12.4 code (124-24.T5) and I am sure I have seen similar problems with routers running 15.x code as well.

I need to use a route-map because I have a second internet connection and I also want to match an interface in the route-map. I think I may raise a TAC case for this one.

Thanks for your help.

Steve
