Hello there,

i would like to implement some special nat configuration to a Cisco ISR 4331.

I have one outside interface, in this example with the address 11.22.33.44 und an internal interface, lets say 192.168.1.0/24.

They are both in the same VRF. Using a VRF for these interfaces is mandetory.

interface gi0/0/0

description outside

ip add 11.22.33.44 255.255.255.252

vrf forwarding INET

ip nat outside

interface gi0/0/1

description inside

ip add 192.168.1.1 255.255.255.255

vrf forwarding INET

ip nat inside

vrf forwarding INET

Now, i wanto to implement some portforwariding like this:

192.168.1.10 should be reachable over the public ip adress an the ports 111 ,222, 333

192.168.1.20 should be reachable over the public ip adress an the ports 444, 555, 666

192.168.1.30 should be reachable over the public ip adress an the ports 777, 888, 999

i used to configure ip nat inside destination list <ACLwithPorts> pool <poolwithclientip>

but unfortenately this solution seems not to be vrf-aware.

i also tried to use route-maps, but i can´t use two lines with the same outside ip:

ip nat inside source static 192.168.1.10 11.22.33.44 vrf INET route-map <MapwithPorts> extendable

ip nat inside source static 192.168.1.20 11.22.33.44 vrf INET route-map <MapwithotherPorts> extandable

% 192.168.1.20 already mapped (192.168.1.10 -> 11.22.33.44)

Somebody has a good solution except that i use multiple static nat commands for each port/inside host?