Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
918
Views
0
Helpful
2
Replies

NAT with Route Map logic

Go to solution
Pavel Doronin
Level 3
Level 3

‎11-21-2011 02:00 AM - edited ‎03-04-2019 02:21 PM

Here is wery pretty article about NAT with  multi-homing connection to Internet

http://www.nil.si/ipcorner/SmallSiteMultiHoming/

But i do not understand IOS and NAT logic in this commands (Listing 2):

ip nat inside source route-map ISP_A interface Serial0/0/0 overload

ip nat inside source route-map ISP B interface Serial0/0/1 overload

!

route-map ISP_A permit 10

match interface Serial0/0/0

!

route-map ISP_B permit 10

match interface Serial0/0/1

For me is equal to:

ip nat inside source (match interface Serial0/0/0) interface Serial0/0/0 overload

The explanation is not clear for me too:

NOTE

Having two route-maps matching outgoing interfaces (the match interfacestatement in a NAT route-map matches outgoing interface) is the only way to configure per-interface NAT pools in Cisco IOS.

Can anybody explain NAT logic in this example?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marwan ALshawi
VIP Alumni
VIP Alumni

‎11-21-2011 01:30 PM

simply NAT performed after Routing lookup

so it is not going to backhole th traffic

traffic comes if there is nat on the interface lets say from inside interface then the router first will look how to route the traffic to the actual destination IP then once it gose out a certain interface it will use the nat outside and static nat statement

but with the use of two interfaces with two static nat cisco IOS will always look on the first NAT command and this will be problem when the traffic is being routed over the second interface with differnt NAT and IP

by using match interface what you actually doing you adding a policy that match the exist interface whcih will enforce the NAT to use the relevant static NAT as mentioned becuase the routing done before NATing so the exist interface already selected

hope this help

if helpful Rate

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Thotsaphon Lueangwattanaphong
Level 7
Level 7

‎11-21-2011 02:41 AM

Hello,

    No,you're wrong. Router doesn't know how to do NAT on a particular interface. In case you have 2 WANs If you don't use route-map to control it. You might get blackhole when one interface goes down. Routes are gone but NAT still does.

!

ip nat inside source (match interface Serial0/0/0) interface Serial0/0/0 overload

!

  The above command is to do NAT with IP address assigned to Serial0/0/0.  Router doesn't check anything when Serail0/0/0 goes down. Router still does NAT for you but routes are gone. See problem when you have 2 WANs? 

HTH,

Toshi

0 Helpful

Go to solution
Marwan ALshawi
VIP Alumni
VIP Alumni

‎11-21-2011 01:30 PM

simply NAT performed after Routing lookup

so it is not going to backhole th traffic

traffic comes if there is nat on the interface lets say from inside interface then the router first will look how to route the traffic to the actual destination IP then once it gose out a certain interface it will use the nat outside and static nat statement

but with the use of two interfaces with two static nat cisco IOS will always look on the first NAT command and this will be problem when the traffic is being routed over the second interface with differnt NAT and IP

by using match interface what you actually doing you adding a policy that match the exist interface whcih will enforce the NAT to use the relevant static NAT as mentioned becuase the routing done before NATing so the exist interface already selected

hope this help

if helpful Rate

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card