Route Map in NAT

Cyanic Member Posts: 289
I have a configuration that uses a route map in a NAT command. I am not sure why it was put in or what it does if anything. Does this make sense?

interface GigabitEthernet0/0
ip address 174.x.y.z 255.255.255.240 secondary
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip policy route-map nonat
!
interface GigabitEthernet0/1
ip address 209.x.y.z 255.255.255.224
ip nat outside

ip nat pool natpool-1 209.x.y.a 209.x.y.b netmask 255.255.255.224
ip nat inside source list 100 pool natpool-1 overload
ip nat inside source route-map nonat pool natpool-1
ip nat inside source static 10.0.0.23 209.x.y.c

access-list 100 permit ip 10.0.0.0 0.0.0.255 192.168.200.0 0.0.0.255
access-list 100 permit ip 10.0.0.0 0.0.0.255 any
access-list 100 permit ip 174.x.y.z 0.0.0.15 any
access-list 125 permit ip 10.0.0.0 0.0.0.255 192.168.254.0 0.0.0.255
access-list 125 permit ip 10.0.0.0 0.0.0.255 192.168.200.0 0.0.0.255
route-map nonat permit 15
match ip address 125
set ip next-hop 172.30.2.2
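To make the overlap between the two NAT statements visible, here is an added example (not part of the original post or Cisco's own tooling): a small Python model of the config's wildcard-mask ACLs and the nonat route-map. It reports, for a constructed source/destination pair, whether the flow is policy-routed to 172.30.2.2, whether it matches list 100, whether it matches route-map nonat, and whether the static entry applies. The 174.x.y.z block and the 209.x.y.c global address are redacted on the page, so the values used for them below are placeholders. The model only evaluates the match logic; it does not claim how IOS orders PBR against NAT or which overlapping NAT rule wins.

```python
import ipaddress

ANY = ("0.0.0.0", "255.255.255.255")  # Cisco "any": base 0.0.0.0, wildcard all ones

# Access lists transcribed from the thread's config as (action, src, src_wc, dst, dst_wc).
# 174.0.0.0 is a placeholder for the redacted 174.x.y.z block, not the real value.
ACLS = {
    100: [
        ("permit", "10.0.0.0", "0.0.0.255", "192.168.200.0", "0.0.0.255"),
        ("permit", "10.0.0.0", "0.0.0.255", *ANY),
        ("permit", "174.0.0.0", "0.0.0.15", *ANY),  # placeholder for 174.x.y.z 0.0.0.15
    ],
    125: [
        ("permit", "10.0.0.0", "0.0.0.255", "192.168.254.0", "0.0.0.255"),
        ("permit", "10.0.0.0", "0.0.0.255", "192.168.200.0", "0.0.0.255"),
    ],
}

ROUTE_MAP_NONAT = {"match_acl": 125, "next_hop": "172.30.2.2"}
STATIC_NAT = {"10.0.0.23": "209.x.y.c"}  # global address is redacted on the page; kept as-is


def wildcard_match(addr, base, wildcard):
    """Cisco wildcard-mask compare: bits set to 1 in the wildcard are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def acl_permits(acl_num, src, dst):
    """First-match evaluation with the implicit deny at the end of every Cisco ACL."""
    for action, s, s_wc, d, d_wc in ACLS[acl_num]:
        if wildcard_match(src, s, s_wc) and wildcard_match(dst, d, d_wc):
            return action == "permit"
    return False


def classify(src, dst):
    """Report which of the config's rules a src/dst pair satisfies."""
    pbr = acl_permits(ROUTE_MAP_NONAT["match_acl"], src, dst)
    return {
        "policy_routed_to": ROUTE_MAP_NONAT["next_hop"] if pbr else None,
        "matches_list_100": acl_permits(100, src, dst),  # ip nat inside source list 100 ...
        "matches_route_map_nonat": pbr,                   # ip nat inside source route-map nonat ...
        "static_nat": STATIC_NAT.get(src),                # ip nat inside source static ...
    }


def route_map_subset_of_list_100(samples):
    """True if every sampled flow matched by route-map nonat is also matched by list 100."""
    return all(acl_permits(100, s, d) for s, d in samples if acl_permits(125, s, d))


if __name__ == "__main__":
    # Constructed sample flows; none of these addresses come from the thread.
    flows = [
        ("10.0.0.5", "192.168.254.9"),   # inside host to a list-125 destination
        ("10.0.0.9", "192.168.200.1"),   # inside host to the destination both ACLs name
        ("10.0.0.5", "8.8.8.8"),         # inside host to the Internet
        ("10.0.0.23", "192.168.200.7"),  # the statically mapped host
        ("192.168.1.1", "8.8.8.8"),      # a source neither ACL covers
    ]
    for src, dst in flows:
        print(f"{src:>12} -> {dst:<16} {classify(src, dst)}")
    print("route-map flows are a subset of list 100:", route_map_subset_of_list_100(flows))
```

The subset check is the point: because list 100 carries a `10.0.0.0 0.0.0.255 any` entry, every flow the nonat route-map can match is also matched by the `list 100` NAT statement, which is why the second `ip nat inside source route-map nonat` line looks redundant in this config.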

Comments

  • kryolla Member Posts: 785
    You're doing policy routing as traffic comes into G0/0 going to destinations in the ACL, and you are sending the traffic to 172.30.2.2, bypassing the IPv4 routing table.

    Also doing NAT as traffic comes into G0/0 and out G0/1, i.e. the 10. network is getting translated to the 209. network.

    Whatever is getting policy routed is not translated, and the rest is.

    Don't quote me on this though.
    Studying for CCIE and drinking Home Brew
  • Cyanic Member Posts: 289
    So I guess I am wondering why the route map is used in 2 places.

    It sounds like I could remove "ip nat inside source route-map nonat pool natpool-1", as it is not used: the route-map traffic is being diverted by the route-map policy.
  • kryolla Member Posts: 785
    It makes sense that it would be using the other NAT command, but if this is in a production network I would ask somebody else, or do it at your own risk. Nice little disclaimer, huh?

    ip nat inside source list 100 pool natpool-1 overload
    Studying for CCIE and drinking Home Brew
  • Cyanic Member Posts: 289
    This is from a production router in my parent company. I am a contractor, so I don't work on their stuff, but their IT asked me to help them stop the 174.x.y.z network from getting NATed. That was easy, but looking over the config, this just struck me as odd. I think we will just leave it alone until I can lab test what exactly it does.

    Thanks Kryolla!
  • kryolla Member Posts: 785
    Look at the translation table and see if it is doing overload. If it is, then you are using the NAT command with the ACL; just remove the "permit 174" statement and it won't be translated.
    Studying for CCIE and drinking Home Brew