Re: Static IP Nat Outside with Route-map

fady.nagy@orange.com · ‎05-23-2021

i have static IP NAT inside statement with route-ma( Route-map is working with extended ACL)

NATing is working without any problem

ip nat inside source static 192.168.1.10 x.x.x.x route-map TEST

for some reason.. i want to reverse the NATing statement from inside to outside.

However.. i tried to change the statement from Inside to outside and didnt work

need a help to do static NAT outside with route-map.??

balaji.bandi · ‎05-23-2021

However.. i tried to change the statement from Inside to outside and didnt work

explain more - inside to outside nat cover global NAT configuration right ? or you looking PBR with different Route ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

paul driver · ‎05-23-2021

Hello

fady.nagy@orange.com wrote:

i have static IP NAT inside statement with route-ma( Route-map is working with extended ACL)

NATing is working without any problem

i want to reverse the NATing statement from inside to outside.

What exaclty do you want to reverse, can you please elaborate

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

fady.nagy@orange.com · ‎05-26-2021

explain the problem 
! 
interface GigabitEthernet0/1/2
 description --- LAN
 ip nat inside 
! 
interface GigabitEthernet0/0/1.406
 description --- WAN
 ip nat outside 
! 
ip nat inside source static 192.168.1.10 x.x.x.x route-map TEST 
! 
ip route x.x.x.x 255.255.255.255 GigabitEthernet0/1/2 10.20.20.1 
! 
the route-map contains ACL to block IPs and only allows x.x.x.x. 
Targeted: 
! 
interface GigabitEthernet0/1/2
 description --- LAN
 ip nat outside 
! 
interface GigabitEthernet0/0/1.406
 description --- WAN
 ip nat inside 
! 
ip nat outside source static 192.168.1.10 x.x.x.x route-map TEST <<<<<<<<<<<<<<<< 
! 
ip route x.x.x.x 255.255.255.255 GigabitEthernet0/1/2 10.20.20.1 
! 
However: ip nat outside source static 192.168.1.10 x.x.x.x route-map TEST is not valid syntax 
Conf t 
! 
ip nat outside source static 192.168.1.10 x.x.x.x ? 

  add-route   Add a static route for outside local address
  extendable  Extend this translation when used
  no-alias    Do not create an alias for the local address
  no-payload  No translation of embedded address/port in the payload
  redundancy  NAT redundancy operation

 ------ 
Conf t 
! 
ip nat outside source static ?

  A.B.C.D  Outside global IP address
  network  Subnet translation
  tcp      Transmission Control Protocol
  udp      User Datagram Protocol

paul driver · ‎05-26-2021

Hello
Your outside source ip address isn't applicable, it needs to be a public or outside ip address not a internal ip address,

examples:
access-list 1 permit host 1.1.1.1
route-map NAT
match ip address 1

ip nat pool INPOOL 192.1681.11 192.168.1.11 prefix-length
ip nat outside source route-map NAT pool INPOOL

or
ip nat outside source static 1.1.1.1 192.168.1.11

or
ip nat outside source list 1 pool INPOOL

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

fady.nagy@orange.com · ‎05-27-2021

Thanks Paul..

During my search I found something but not sure if it will work or not.

!

Ip nat inside source static x.x.x.x 192.168.1.10 route-map Test reversible

!

balaji.bandi · ‎05-27-2021

Do you have different Route Route inside ? why you like to have Route-map

route-map TEST

this should work for you : if you looking static NAT.

ip nat outside source static 192.168.1.10 x.x.x.x

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

fady.nagy@orange.com · ‎05-27-2021

Actually I have different NAT statements with different routes.

That why I am using the route-maps.

balaji.bandi · ‎05-27-2021

I may have missed some information here, what is this device ? can you post show version ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

fady.nagy@orange.com · ‎05-27-2021

The device is asr1001x with ios release 16.12.05

balaji.bandi · ‎05-27-2021

Thanks for the information

Ip nat inside source static x.x.x.x 192.168.1.10 route-map Test reversible

as per the output after IP you do not see route-map option that is the reason i have asked what code running here.

what is the outcome @paul driver suggested method ? is this not workable for you. Let me review IOS XE command reference anything changed to do suggest best.

mean time you can check this example :

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipaddr_nat/configuration/15-mt/nat-15-mt-book/iadnat-rmap-outin.html#GUID-B6C74F5E-86F1-45E1-90E4-C688AC31CE32

https://community.cisco.com/t5/networking-documents/how-to-configure-static-nat-with-route-maps/ta-p/3132855

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help