Showing results for 
Search instead for 
Did you mean: 

Static NAT subnets with route-map


Hi there,

I am having a problem implementing the route-map argument with the static nat statement:

ip access-list extended COSMIC-MATCH

permit ip

route-map COSMIC permit 10 match ip address COSMIC-MATCH

ip nat inside source static network /8 route-map COSMIC

Basically, what I want to accomplish is a static subnet nat translation from between and

But I only want some specific conversations to be NATted, so I added a ACL in combination with a route-map, to specifiy the traffic to be NATted.

When I test the conversations specified in the ACL, the NAT process does add the translation, but only as fasr as the classufll bits count, in this case. Show ip nat translations shows us the following:

R019#show ip nat translations

Pro Inside global Inside local Outside local Outside global

icmp 53.x.x.1:1024

--- --- ---

Apparently it translates to instead of

When I leave the route-map out of the ip nat inside statement, all works just fine:

R019#show ip nat translations

Pro Inside global Inside local Outside local Outside global


--- --- ---

But now, all traffic gets NATted. Using ip nat pools is also no solutions, because the conversation must be able to be initiated from both sides, not dynamically.

Does anyone have any experience in using route-maps with static subnet translations?


3 Replies 3

Marwan ALshawi

ur config generally looks good

except the ACL ithink ur problem with the ACL

ip access-list extended COSMIC-MATCH

permit ip

make it more spisific like

good luck

if helpful Rate

thanks for your reply.

I have investigated this a bit more in the past few days, and It appears to me, that this specific static nat with route-maps feature, is behaving differently in some IOS releases.

The last succesfull test i did, was with the use of the "extendable" keyword in the NAT statement:

ip nat inside source static network /8 route-map COSMIC-NAT extendable

after implementing this in my config, the specific ip connections, did get NATted the correct way, and not just the first 8 bits. All this sounds not clear to me, and I think they have to further investigate this issue.

hi Dion

u have done it right and this is 5 points :)

and this is the answer for the config u have done:

Typically, the ip nat inside source static command is used to translate a small number of entries between your network and two other networks. However, this command provides one interesting parameter: extendable. This parameter causes the Cisco IOS to create an extended translation entry in the translation table instead of a simple entry

example, internal has two Internet connections for redundancy. ISP1 has assigned an IP address space of ISP2, which does not support ISP1's address space, has assigned to this network. This poses a problem because you need to set up a static translation for the internal web server. Normally, a static statement allows only one translation. In this example, you must choose between translated to, or translated to for the web server translation.

Using the extendable parameter, however, you can associate more than one global address with a local address

if helpful Rate

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers