Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Route-Map with NAT

I have a 7206 Router with 4 FA interface, 3 of which is connected to my ISP Routers, and port fa4/0 is connected to a layer 2 switch going to my LAN.

I have configure the router with PBR and trunking to support my multiple subnets with in my LAN.

NAT is also implemented in my network.

My problem was if i ping our server which has a public IP ( from my station ( I am getting an RTO error. But when I check the show ip nat translation logs. I can see that my attempts are translated from private to public going to the server. And I can't even ping the next hop router ( But I can surf the internet from my pc. its such that accessing the server within network are not working at all.

But if you try to ping or access the server outside of your network, its 100% working.

So i am getting clueless where am i going to start to troubleshoot.

Check my config below:

Exchange Server IP:





interface FastEthernet1/0

description Connection-to-Digitel

ip address

ip nat outside

ip policy route-map Digitel

duplex half

interface FastEthernet4/0.1

description VLAN1-Management

encapsulation dot1Q 1 native

ip address

no ip redirects

ip nat inside

ip nat pool primary-pool netmask

ip nat inside source route-map primary-map pool primary-pool overload

route-map primary-map permit 10

match ip address 10

set interface FastEthernet4/0


route-map Digitel permit 20

match ip address 30

set interface FastEthernet1/0

access-list 10 permit

access-list 30 permit

ip route

Our server and workstation are within my LAN. Can somebody check this out for me?

Thanks in advance


Re: Route-Map with NAT

Are you able to ping ip's like ip address. If so try to add a static ARP entry for the Server's MAc address on the router.

Re: Route-Map with NAT

Can I ask you why do you have the policy map 'ip policy route-map Digitel' appllied on F1/0 interface and it doesn't appear to have been configured correct. Can you remove the policy map from f1/0 and test?

If you can provide more details of what you are trying to accomplish with the policy routing then we can assist you in coming up with the right configuration required.