Cisco IOS NAT Route Maps

Steven Mills
Level 1

Hello,

I am having some trouble using route-maps for NAT. I have simplified it as much as possible and I am still unable to get traffic to match.

Using an ACL with the following configuration works fine:

    ip nat pool pool-web01 150.100.1.1 150.100.1.1 netmask 255.255.255.248
    ip nat inside source list acl-web01-out pool pool-web01 overload
    !
    ip access-list extended acl-web01-out
     permit ip host 172.16.1.1 any

However, using the same ACL in a route-map fails:

    ip nat pool pool-web01 150.100.1.1 150.100.1.1 netmask 255.255.255.248
    ip nat inside source route-map rm-web01-out pool pool-web01 overload
    !
    ip access-list extended acl-web01-out
     permit ip host 172.16.1.1 any
    !
    route-map rm-web01-out permit 10
     match ip address acl-web01-out

Can anyone explain what the issue is here?

Thanks.

6 Replies

Roman Rodichev
Level 7

Try a numbered ACL, I've had issues with NAT route-maps and named ACLs.

I have a continuous ping going, still no matches with a numbered ACL in the route-map.

    router#show route-map rm-web01-out
    route-map rm-web01-out, permit, sequence 10
      Match clauses:
        ip address (access-lists): 177
      Set clauses:
      Policy routing matches: 0 packets, 0 bytes

or on the ACL

    router#show route-map rm-web01-out
    Extended IP access list 177
        10 permit ip host 172.16.1.1 any

I don't think you'll see matches in route maps and ACLs. There are a bunch of various situations in IOS where ACL and ROUTE MAP matches will not be tracked.

Jeff Van Houten
Level 5

Don't you need a set statement after the match address?


Neeraj Arora
Level 3

Steven,

Most probably you are hitting an IOS bug, because configuration-wise there is no problem in your config.

It does happen sometimes that the same NAT statement does not work with a Standard ACL whereas it will work fine with an Extended ACL, or it will not work with a Route-map but will work fine with an ACL.

Any specific reason you want to use a Route-map in NAT overload?

If this is a major requirement, then check to see if you can go for an IOS upgrade on the router.

Hope it helps

Neeraj

Neeraj,

I have considered that it could be an IOS bug; however, I am running the latest 12.4 code (124-24.T5) and I am sure I have seen similar problems with routers running 15.x code as well.

I need to use a route-map because I have a second internet connection and I also want to match an interface in the route-map. I think I may raise a TAC case for this one.

Thanks for your help.

Steve
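The dual-connection arrangement described in the last post, written out as an added example that is not part of the original thread and is not offered as the fix for the problem reported: one route-map per exit, each matching the thread's ACL plus an outgoing interface. The interface names, the second pool (`pool-web01-isp2`, using a documentation address) and the second route-map (`rm-web01-out-isp2`) are assumptions.

```cisco
! Constructed example: interface names, the second pool and the second
! route-map are hypothetical; the ACL, first pool and first route-map
! names are the ones used in the thread.
interface GigabitEthernet0/0
 description inside LAN (hypothetical)
 ip nat inside
!
interface GigabitEthernet0/1
 description first internet connection (hypothetical)
 ip nat outside
!
interface GigabitEthernet0/2
 description second internet connection (hypothetical)
 ip nat outside
!
ip access-list extended acl-web01-out
 permit ip host 172.16.1.1 any
!
ip nat pool pool-web01 150.100.1.1 150.100.1.1 netmask 255.255.255.248
ip nat pool pool-web01-isp2 198.51.100.1 198.51.100.1 netmask 255.255.255.248
!
! Same source ACL in both route-maps; the outgoing interface selects
! which NAT statement, and therefore which pool, applies.
route-map rm-web01-out permit 10
 match ip address acl-web01-out
 match interface GigabitEthernet0/1
!
route-map rm-web01-out-isp2 permit 10
 match ip address acl-web01-out
 match interface GigabitEthernet0/2
!
ip nat inside source route-map rm-web01-out pool pool-web01 overload
ip nat inside source route-map rm-web01-out-isp2 pool pool-web01-isp2 overload
```

`show ip nat translations` lists the entries created for 172.16.1.1, which confirms translation independently of the "Policy routing matches" counter shown by `show route-map`.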