Static NAT exclusions via route map not working.

Wan_Whisperer
Level 1

Okay,

I have googled and I can't seem to understand why "ALL" my static NATs are excluded and they are failing over to NAT Overload.

NAT

So I have a private network 172.19.150.0/24 that is NAT overload but some are static inside that network.  I need to exclude all static NAT to some networks.  I am 90% sure it's because of my Route Map.

What is happening is when I apply the Route map to the static NAT it is excluding the NAT to all networks and not the ones in my ACL and then hitting my NAT overload.  I think it's my Route map because when I remove the route map on the static NAT the 1 to 1 NAT works and when I add the Route map the statics don't work to any network and they NAT to my overload IP address.

See configs below:


ip nat pool Pool1 191.XXX.XXX.1 191.XXX.XXX.1 netmask 255.255.255.0
ip nat inside source static 172.19.150.125 191.XXX.XXX.49 route-map Static_Nat_RM redundancy 1 mapping-id 6
ip nat inside source static 172.19.150.190 191.XXX.XXX.93 route-map Static_Nat_RM redundancy 1 mapping-id 15

ip nat inside source list NATSource pool Pool1 redundancy 1 mapping-id 1 overload

route-map Static_Nat_RM permit 10
match ip address Static_Nat_ACL


ip access-list extended Static_Nat_ACL
deny ip host 172.19.150.190 103.XXX.XXX.0 0.0.3.255
permit ip 172.19.150.0 0.0.0.255 any

!
ip access-list extended NATSource
permit ip 172.19.150.0 0.0.0.255 any

When I am on 172.19.150.190 and I ping 8.8.8.8 I can see:

172.19.150.190 translating to 191.XXX.XXX.1

When I am on 172.19.150.190 and I ping 103.XXX.XXX.0 I can see:

172.19.150.190 translating to 191.XXX.XXX.1

When I ping 8.8.8.8 from 172.19.150.190 I want it to translate to 191.XXX.XXX.93 but it's not.

**********************************************************************************************

If I remove my Route map from the static NAT:

BEFORE:

ip nat inside source static 172.19.150.190 191.XXX.XXX.93 route-map Static_Nat_RM redundancy 1 mapping-id 15

AFTER:

ip nat inside source static 172.19.150.190 191.XXX.XXX.93  redundancy 1 mapping-id 15

and I get on 172.19.150.190 and I ping 8.8.8.8 I can see:

172.19.150.190 translating to 191.XXX.XXX.93

Sooo.  It seems like something is wrong with my route map because I add it and nothing is 1 to 1 NATted at all... It just catches the NAT overload.

****edit***

Is it possible that it is hitting the Overload NAT before it hits the static NAT?

Is my Route Map written incorrectly?  (PS I see no hits on my ACL under the route map.)

Thanks,

18 Replies

Jaderson Pessoa
VIP Alumni

@Wan_Whisperer Hello,

route-map Static_Nat_RM permit 10    << this policy is applied on which interface?  post here service policy
match ip address Static_Nat_ACL


ip access-list extended Static_Nat_ACL
deny ip host 172.19.150.190 103.XXX.XXX.0 0.0.3.255
permit ip 172.19.150.0 0.0.0.255 any

Jaderson Pessoa
*** Rate All Helpful Responses ***

Wan_Whisperer
Level 1

Everyone's reply got me thinking about order of operation and I figured it out!

For some reason when I add the route map to the one to one NAT it hits the NAT overload first.  Once I exclude the one to one from the NAT Overload it hits the One to One then hits the route map!

So it works!
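
One reading of the fix described in the post above, written out as configuration. This is an added example, not configuration posted by anyone in the thread: it assumes the exclusion was done with deny entries at the top of the NATSource ACL, and it reuses the thread's names and addresses with the same XXX redaction.

```cisco
! Added example (assumption): exclude the statically mapped hosts from the
! overload ACL so the dynamic rule no longer claims their traffic.
ip access-list extended NATSource
 deny   ip host 172.19.150.125 any
 deny   ip host 172.19.150.190 any
 permit ip 172.19.150.0 0.0.0.255 any
!
! Unchanged from the original post: the route-map still decides which
! destinations the static mapping applies to.
ip access-list extended Static_Nat_ACL
 deny   ip host 172.19.150.190 103.XXX.XXX.0 0.0.3.255
 permit ip 172.19.150.0 0.0.0.255 any
!
route-map Static_Nat_RM permit 10
 match ip address Static_Nat_ACL
!
ip nat inside source static 172.19.150.125 191.XXX.XXX.49 route-map Static_Nat_RM redundancy 1 mapping-id 6
ip nat inside source static 172.19.150.190 191.XXX.XXX.93 route-map Static_Nat_RM redundancy 1 mapping-id 15
ip nat inside source list NATSource pool Pool1 redundancy 1 mapping-id 1 overload
!
! Checks after the change (from exec mode):
!   show ip access-lists NATSource   -> confirm the deny lines sit above the permit
!   show ip nat translations         -> 172.19.150.190 should map to 191.XXX.XXX.93
```

With these deny lines, traffic from 172.19.150.190 to 103.XXX.XXX.0 0.0.3.255 is rejected by the route-map and is no longer matched by the overload rule either, so it is forwarded untranslated.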


Sorry, I am not following.

How do you exclude the one to one NAT from the NAT overload?

Jon

Hello Wan,

Can you give a configuration example from what you figured out?  I still have the same issue.

Thanks for your time
