
IP NAT Static with route map and NAT overload

Wan_Whisperer
Level 1

All,

 

I have an issue where a network, 192.168.1.0/24, needs to have static NAT for two devices and NAT overload for the remainder. The static NATs are working but the overload is not.

The public IPs below are hidden but highlighted in ORANGE.

 

My setup


interface GigabitEthernet0/1
 description to Core
 ip nat inside
 ip address x.x.x.x
!
interface GigabitEthernet0/2
 description to Router7
 ip nat outside
 ip address x.x.x.x
!
! Just using one IP for NAT overload
ip nat pool Pool1 X.X.X.100 X.X.X.100 netmask 255.255.255.0
!
ip nat inside source static 192.168.1.101 X.X.X.101 route-map StaticRM
ip nat inside source static 192.168.1.102 X.X.X.102 route-map StaticRM
!
ip nat inside source list NAT pool Pool1 overload
!
! If I do not have this, then my static NATs are ignored and everything is NAT overloaded
ip access-list extended NAT
 deny ip host 192.168.1.101 any
 deny ip host 192.168.1.102 any
 permit ip 192.168.1.0 0.0.0.255 any
!
ip access-list extended StaticNat
 ! Do not want this static NAT when going to Router7
 deny ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
 ! Do not want this static NAT when going to Router7
 deny ip 192.168.1.0 0.0.0.255 10.1.2.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any
!
! I have this because I need to exclude the static NAT for some networks going to Router7
route-map StaticRM permit 10
 match ip address StaticNat
!

 

Thanks in advance!

 

 

1 Accepted Solution


Jon Marshall
Hall of Fame

 

Replace this line in your route map ACL -

 

permit ip 192.168.1.0 0.0.0.255 any

 

with permit lines for each specific host you are doing static NAT for. 

 

Jon

 

 

 


7 Replies

Hello,

 

Static NAT takes precedence, so in theory you would not need the route maps for static NAT. Try the simplified config below:

 

ip nat inside source static 192.168.1.101 X.X.X.101
ip nat inside source static 192.168.1.102 X.X.X.102
!
ip nat inside source list 1 pool Pool1 overload
!
access-list 1 permit 192.168.1.0 0.0.0.255

Georg,

 

Thanks for the input, but if I remove the route map, then how will I tell the static NAT not to NAT when going to the 10.1.1.0 0.0.0.255 network?

 

 

Hello,

 

Where in your topology is R7 (and networks 10.1.1.0/24 and 10.1.2.0/24)? Actually, what does your entire topology look like?

Hello

Just like to add, I would suggest you keep the specific hosts from the dynamic NAT ACL and just amend your config a little, then test again.

no route-map StaticRM
no ip nat inside source static 192.168.1.101 X.X.X.101 route-map StaticRM
no ip nat inside source static 192.168.1.102 X.X.X.102 route-map StaticRM

ip nat inside source static 192.168.1.101 X.X.X.101
ip nat inside source static 192.168.1.102 X.X.X.102



Kind Regards
Paul

Paul,

 

I replied to Georg; the only reason I use the route map on my static NATs is to ensure that a packet with a source address of 192.168.1.101 going to 10.1.1.0/24 or 10.1.2.0/24 will not NAT, but if it goes to any other network it will NAT.


Jon,

 

Not all heroes wear capes!

 

You are the Bomb.com

 

Thanks again...all I needed to do is explicitly list each static NAT in the ACL just like you said.
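
An added example, not part of the thread and not Cisco tooling: a small Python check for the condition the accepted answer identifies, a route-map ACL on static NAT entries whose permit covers more than the hosts that actually have static translations. The sample config is reconstructed from the original post; the function names are hypothetical, and the parser assumes `ip` protocol entries with contiguous wildcard masks.

```python
import ipaddress
import re

# Constructed sample: NAT-relevant lines from the original post, public IPs still masked.
SAMPLE = """\
ip nat inside source static 192.168.1.101 X.X.X.101 route-map StaticRM
ip nat inside source static 192.168.1.102 X.X.X.102 route-map StaticRM
ip access-list extended StaticNat
 deny ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
 deny ip 192.168.1.0 0.0.0.255 10.1.2.0 0.0.0.255
 permit ip 192.168.1.0 0.0.0.255 any
route-map StaticRM permit 10
 match ip address StaticNat
"""

def source_net(tokens):
    """Source network of an extended-ACL entry, given the tokens after 'ip'."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32")
    # Address plus wildcard: invert the wildcard to get a netmask (assumes contiguous bits).
    mask = ipaddress.ip_address(int(ipaddress.ip_address(tokens[1])) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{tokens[0]}/{mask}", strict=False)

def broad_static_permits(config):
    """Return (route_map, acl, entry) for permits wider than the static NAT hosts."""
    statics, rm_acl, acl_entries, section = {}, {}, {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        m = re.match(r"ip nat inside source static (\S+) \S+ route-map (\S+)", line)
        if m:
            statics.setdefault(m.group(2), set()).add(ipaddress.ip_network(m.group(1) + "/32"))
        elif line.startswith("ip access-list extended "):
            section = ("acl", line.split()[3])
        elif line.startswith("route-map "):
            section = ("rm", line.split()[1])
        elif section and section[0] == "acl" and line.startswith(("permit ip ", "deny ip ")):
            acl_entries.setdefault(section[1], []).append(line)
        elif section and section[0] == "rm" and line.startswith("match ip address "):
            rm_acl[section[1]] = line.split()[3]
    findings = []
    for rm, hosts in statics.items():
        acl = rm_acl.get(rm)
        for entry in acl_entries.get(acl, []):
            if entry.startswith("permit") and source_net(entry.split()[2:]) not in hosts:
                findings.append((rm, acl, entry))
    return findings

if __name__ == "__main__":
    print(broad_static_permits(SAMPLE))
```

On the sample it reports the subnet-wide permit in `StaticNat`; with that line replaced by one `permit ip host ... any` per static host, as the accepted answer describes, it returns an empty list.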
