How is the processing order of nat rules with routemaps determined?

john-herdy · ‎04-17-2013

Hi network gurus,

(part of the configuration)

interface FastEthernet0/1

ip address 192.168.1.1 255.255.255.0

ip nat enable

ip nat source route-map RMAP1 pool POOL1 overload

ip nat source route-map RMAP2 interface FastEthernet0/1 overload

access-list 1 permit 10.4.0.0 0.0.255.255

access-list 2 permit 10.0.0.0 0.255.255.255

route-map RMAP1 permit 10

match interface FastEthernet0/1

match ip address 1

route-map RMAP2 permit 10

match interface FastEthernet0/1

match ip address 2

ip nat pool POOL1 192.168.1.10 192.168.1.10 netmask 255.255.255.0

When I connect from 10.4.0.1 I get RMAP1. When I connect from 10.3.0.1 I get RMAP 2. This is the desired result, but I want to understand why?

10.4.0.1 also matches with access-list 2. I have tried to change the order of all components in the configuration but I always get the same result. Is this done automatically, because access-list 1 is more specific/explicit? Without removing RMAP2 is it possible to match 10.4.0.1 with access-list 1/RMAP1? How can I manipulate the order of processing?

It is really strange to me, because I cannot explicitly configure a desired order. Please help me understand. I hope you understand my question. I have googled and read articles for hours, but I can't find this information. I really depend on a network guru right now.

John