Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Static Network NAT and Route-Maps

I'm trying to set up a static network NAT, but only when trying to communicate to a particular host. This is in a test lab at the moment.

What I want to happen is that when a host on the 172.16.1.0/24 network tries to talk to 192.168.1.65 it would be static network natted to the respective IP in 192.168.2.0/24.

This is what I have so far:

!
!
interface FastEthernet0/0
ip address 192.168.1.151 255.255.255.0
ip nat outside
!
interface FastEthernet0/1
ip address 172.16.1.1 255.255.255.0
ip nat inside
!
ip nat inside source static network 172.16.1.0 192.168.2.0 /24 route-map NAT-TEST1
!
!
ip access-list extended NAT-LIST1
permit ip 172.16.1.0 0.0.0.255 host 192.168.1.65
!
route-map NAT-TEST1 permit 10
match ip address NAT-LIST1
!
!

But this is not working. The hosts are still passing without being natted. The access-list is being matched, but the route-map policy does not show as a match.

If I remove the route-map from the nat command, the static nat works fine.

Any ideas?

Everyone's tags (4)
1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Blue

Re: Static Network NAT and Route-Maps

sganpat wrote:

I'm trying to set up a static network NAT, but only when trying to communicate to a particular host. This is in a test lab at the moment.

What I want to happen is that when a host on the 172.16.1.0/24 network tries to talk to 192.168.1.65 it would be static network natted to the respective IP in 192.168.2.0/24.

This is what I have so far:

!
!
interface FastEthernet0/0
ip address 192.168.1.151 255.255.255.0
ip nat outside
!
interface FastEthernet0/1
ip address 172.16.1.1 255.255.255.0
ip nat inside
!
ip nat inside source static network 172.16.1.0 192.168.2.0 /24 route-map NAT-TEST1
!
!
ip access-list extended NAT-LIST1
permit ip 172.16.1.0 0.0.0.255 host 192.168.1.65
!
route-map NAT-TEST1 permit 10
match ip address NAT-LIST1
!
!

But this is not working. The hosts are still passing without being natted. The access-list is being matched, but the route-map policy does not show as a match.

If I remove the route-map from the nat command, the static nat works fine.

Any ideas?

Have a look at this doc -

http://www.cisco.com/en/US/customer/docs/ios/12_2t/12_2t4/feature/guide/ftnatrt.html

note that just under the Feature Overview is this note -

Note Network static support is not included in this feature

so you would have to do them one by one i'm afraid.

Jon


3 REPLIES
New Member

Re: Static Network NAT and Route-Maps

Ping Outside using Source IP of 192.168.1.65.

Then get the output of "sh ip nat translations"

Hall of Fame Super Blue

Re: Static Network NAT and Route-Maps

sganpat wrote:

I'm trying to set up a static network NAT, but only when trying to communicate to a particular host. This is in a test lab at the moment.

What I want to happen is that when a host on the 172.16.1.0/24 network tries to talk to 192.168.1.65 it would be static network natted to the respective IP in 192.168.2.0/24.

This is what I have so far:

!
!
interface FastEthernet0/0
ip address 192.168.1.151 255.255.255.0
ip nat outside
!
interface FastEthernet0/1
ip address 172.16.1.1 255.255.255.0
ip nat inside
!
ip nat inside source static network 172.16.1.0 192.168.2.0 /24 route-map NAT-TEST1
!
!
ip access-list extended NAT-LIST1
permit ip 172.16.1.0 0.0.0.255 host 192.168.1.65
!
route-map NAT-TEST1 permit 10
match ip address NAT-LIST1
!
!

But this is not working. The hosts are still passing without being natted. The access-list is being matched, but the route-map policy does not show as a match.

If I remove the route-map from the nat command, the static nat works fine.

Any ideas?

Have a look at this doc -

http://www.cisco.com/en/US/customer/docs/ios/12_2t/12_2t4/feature/guide/ftnatrt.html

note that just under the Feature Overview is this note -

Note Network static support is not included in this feature

so you would have to do them one by one i'm afraid.

Jon


New Member

Re: Static Network NAT and Route-Maps

Hi Jon,

I had looked at this document before and I missed that entire line. They should put a big "NOTE" at the side so you won't miss it. :-)

Sachin

972
Views
0
Helpful
3
Replies