ā08-01-2016 06:18 AM - edited ā03-07-2019 12:18 AM
Hi there,
Are there any limitations regarding static NAT implemented with route map on ISR 4321 routers?
I have configured two static NATs but only one is translating. Other one is not translating, it keeps the original source address.
This seems to be very confusing, because along mentioned two static NATs with route map I have a lot of others that are translating just fine.
Than you and kind regards,
Miroslav
ā08-01-2016 06:27 AM
Hello
Can you explain a little further as to what you are trying to accomplish and maybe post the configuration also.
res
Paul
ā08-01-2016 07:14 AM
Hi Paul,
The configuration is following:
ip nat inside source static 10.10.19.10 10.10.40.20 route-map NAT-A
ip nat inside source static 10.10.19.10 10.10.50.30 route-map NAT-B
route-map NAT-A permit 10
match ip address A_to
ip access-list extended A_to
permit ip any host 10.0.15.25
route-map NAT-B permit 10
match ip address B_to
ip access-list extended B_to
permit ip any host 10.220.100.30
When trying to access 10.0.15.25 translation is OK, source address is translating into 10.10.40.20. But when trying to access 10.220.100.30 translation is not occurring.
Swapping of translation addresses is tried but with no success. Source is always translated for route map A, but not for B.
Match commands under the route-map statement are swapped, but again only route map A is matched.
New route map is created to replace B route map but with the same result.
When debug is turned on message ipnat_update_static_refcnt - nat entry 0x7FD21A0698A0 mapping_id 59 updated - nat->refcount 1 nat->usecount 1 is printed for A route map but for B there is nothing.
One interesting thing happened also, when access list C was removed, that is used for static NAT below, NAT for route map B started translating.
ip nat inside source static 10.11.12.75 10.10.13.67 route-map NAT-C
ip nat inside source static 10.11.12.79 10.10.13.68 route-map NAT-C
ip nat inside source static 10.11.12.80 10.10.13.80 route-map NAT-C
ip nat inside source static 10.11.12.84 10.10.13.83 route-map NAT-C
ip nat inside source static 10.11.12.74 10.10.13.84 route-map NAT-C
ip nat inside source static 10.11.12.83 10.10.13.90 route-map NAT-C
ip nat inside source static 10.11.12.77 10.10.13.91 route-map NAT-C
ip nat inside source static 10.11.12.78 10.10.13.92 route-map NAT-C
ip nat inside source static 10.11.12.82 10.10.13.93 route-map NAT-C
ip nat inside source static 10.11.12.76 10.10.13.99 route-map NAT-C
route-map NAT-C permit 10
match ip address C_to
ip access-list extended C_to
deny ip any host 10.21.54.15
permit ip any any
I hope that is something clearer now.
Kind regards,
Miroslav
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: