Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
New Member

static NAT with route-map

Hi everyone,

i need to know if the following problem can be solved with an ISR x800 (adv sec image) and if it can, how.

The problem is: i have a single public ip and a server inside with a private ip.

I need to forward tcp (port 85) trafic coming from some public addresses to the internal server on port 86; and the rest of the internet coming on the same port (85) to the same internal server, but on other port (88).

I was thinking about someting like:

access-list extended ACL_1

permit ip the_public_ip_1 my_public_ip

permit ip the_public_ip_2 my_public_ip

route-map RMAP_1

match ip address ACL_1

access-list extended ACL_2

deny ip the_public_ip_1 my_public_ip

deny ip the_public_ip_2 my_public_ip

permit ip any any

route-map RMAP_2

match ip address ACL_2

ip nat inside source static tcp 86 85 route-map RMAP_1 reversible

ip nat inside source static tcp 88 85 route-map RMAP_2 reversible

But it does not work.

Any ideeas?

The reason for needing this is because i need to migrate from a linux to cisco and on the linux box it can be done.


Hall of Fame Super Silver

Re: static NAT with route-map

Hello Costin,

I remember a similar thread of some mounths ago.

From the command reference of 12.4 the syntax of command ip nat inside source is described as follows:

ip nat inside source static {tcp | udp {local-ip local-port global-ip global-port | interface global-port}} [extendable | mapping-id map-id | no-alias | no-payload | redundancy group-name | route-map | reversible | vrf name] [match-in-vrf]


in that case was the combination of static NAT on specific TCP ports that didn't work with a route-map.

A static NAT not port based was able to invoke and use a route-map instead a NAT port specific NAT not.

the command syntax says that some parameters are in or when you see "|"

So you may be facing a functional limitation of IOS.

Hope to help


CreatePlease to create content