
NAT Issue with PBR

ahmad82pkn
Level 2

Am I making any logical mistake here?

I have one destination, 150.150.150.150, and three sources that need to access it.

I want my source 1.1.1.1 to NAT into 2.2.2.1 when it hits destination 150.150.150.150.

I want my second source 1.1.1.2 to NAT into 2.2.2.2 when it hits destination 150.150.150.150.

I want my third source 1.1.1.3 to NAT into 2.2.2.3 when it hits destination 150.150.150.150.

Here is the NAT config with PBR:

ip nat inside source static 1.1.1.1 2.2.2.1 route-map PBRMAP

ip nat inside source static 1.1.1.2 2.2.2.2 route-map PBRMAP

ip nat inside source static 1.1.1.3 2.2.2.3 route-map PBRMAP

route-map PBRMAP 10

      match ip address PBR

Extended IP access list PBR

    20 permit ip host 1.1.1.1 host 192.168.151.50

    30 permit ip host 1.1.1.2 host 192.168.151.50

    40 permit ip host 1.1.1.3 host 192.168.151.50

Sometimes it works, sometimes it doesn't. Am I making a logical mistake by calling the same route map in all three NAT statements?

Do I need to create 3 different route maps and ACLs?

Or is the above config good, and should it be working as desired?

4 Replies

Harold Ritter
Cisco Employee

Hi,

"route-map PBR" should be referring to a route-map and not directly to an ACL. Please refer to the following document for more information.

https://supportforums.cisco.com/docs/DOC-5061

Regards

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Sorry Harold, I forgot to mention the route configuration in my post.

I have edited my post.

Now, if you look at the full configuration above:

Is it logically correct? I mean, can I use the same route map name and the same ACL name in the above scenario, or do I need to build 3 route maps and 3 ACLs?

Hi,

Why are you using static NAT to do this?

I would use dynamic NAT if the communication is always initiated by your hosts, and would do something like this:

ip nat pool pool1 2.2.2.1 2.2.2.1 prefix-length 24

ip nat pool pool2 2.2.2.2 2.2.2.2 prefix-length 24

ip nat pool pool3 2.2.2.3 2.2.2.3 prefix-length 24

ip nat inside source route-map pool1 pool pool1

ip nat inside source route-map pool2 pool pool2

ip nat inside source route-map pool3 pool pool3

access-list 100 permit ip host 1.1.1.1 host 150.150.150.150

access-list 101 permit ip host 1.1.1.2 host 150.150.150.150

access-list 102 permit ip host 1.1.1.3 host 150.150.150.150

route-map pool1 permit 10

match ip address 100

route-map pool2 permit 10

match ip address 101

route-map pool3 permit 10

match ip address 102

Regards

Alain

Don't forget to rate helpful posts.
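The per-source pool, ACL and route-map pattern from the reply above, generated from a mapping table so it stays manageable with more addresses. This is an added example, not code from the thread; the function name `build_nat_config` and its parameters are assumptions, while the emitted commands are the ones shown in the reply.

```python
import ipaddress

# Extended numbered ACLs on IOS use 100-199 and 2000-2699.
EXTENDED_ACL_NUMBERS = list(range(100, 200)) + list(range(2000, 2700))


def build_nat_config(mappings, destination, prefix_length=24, first_acl=100):
    """Render one NAT pool, ACL and route-map per source address.

    mappings: dict of inside source address -> translated address.
    destination: the single destination the translation applies to.
    """
    dest = ipaddress.IPv4Address(destination)
    start = EXTENDED_ACL_NUMBERS.index(first_acl)  # ValueError if not an extended ACL number
    acl_numbers = EXTENDED_ACL_NUMBERS[start:]
    if len(mappings) > len(acl_numbers):
        raise ValueError("not enough extended ACL numbers for all mappings")

    seen_translated = set()
    pools, nat_rules, acls, route_maps = [], [], [], []
    for index, (local, translated) in enumerate(mappings.items(), start=1):
        local_ip = ipaddress.IPv4Address(local)  # raises on a malformed address
        translated_ip = ipaddress.IPv4Address(translated)
        if translated_ip in seen_translated:
            raise ValueError(f"{translated_ip} is assigned to more than one source")
        seen_translated.add(translated_ip)

        name = f"pool{index}"
        acl = acl_numbers[index - 1]
        pools.append(
            f"ip nat pool {name} {translated_ip} {translated_ip} prefix-length {prefix_length}"
        )
        nat_rules.append(f"ip nat inside source route-map {name} pool {name}")
        acls.append(f"access-list {acl} permit ip host {local_ip} host {dest}")
        route_maps += [f"route-map {name} permit 10", f" match ip address {acl}"]
    return "\n".join(pools + nat_rules + acls + route_maps)


if __name__ == "__main__":
    # Addresses taken from the thread.
    print(build_nat_config(
        {"1.1.1.1": "2.2.2.1", "1.1.1.2": "2.2.2.2", "1.1.1.3": "2.2.2.3"},
        "150.150.150.150",
    ))
```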

Actually, the connection can be originated from any side, so that is why I need static NATting.

You created three different route maps and ACLs.

Can't this be accomplished the way I did it, by using a single ACL and a single route map? Though in my configuration it sometimes works and sometimes doesn't.

So I wanted to clarify that part: single route map + single ACL (and if not, then why?)

OR

Multiple route maps and multiple ACLs (although it will make my config too long in case I have more IPs)
