Route Maps & NAT

  • Route Maps & NAT

    I have the following in my config
    ip nat inside source route-map WAN_LINK_A interface FastEthernet0 overload
    ip nat inside source route-map WAN_LINK_B interface Dialer1 overload
    ip nat inside source static tcp 192.168.70.3 22 82.23.217.1 25 route-map WAN_LINK_A extendable
    ip nat inside source static tcp 192.168.70.5 25 195.137.6.6 25 route-map WAN_LINK_B extendable
    !
    !
    !
    ip access-list extended ACL_NAT_FILTER
    remark ONLY NAT CERTAIN TRAFFIC
    deny ip 192.168.70.0 0.0.0.255 192.168.26.0 0.0.0.31
    deny ip 192.168.70.0 0.0.0.255 192.168.10.0 0.0.0.255
    deny ip any 192.168.26.0 0.0.0.31
    permit ip 192.168.70.0 0.0.0.255 any
    permit ip 192.168.80.0 0.0.0.15 any
    !
    !
    !
    route-map WAN_LINK_A permit 1
    match ip address ACL_NAT_FILTER
    match interface FastEthernet0
    !
    route-map WAN_LINK_B permit 1
    match ip address ACL_NAT_FILTER
    match interface Dialer1
    !
    My question: should the route-map statements read set interface instead of match? (The config has been adapted from Cisco's website.) I only have one connection live at any time, but what strikes me as odd is that when I do a show route-map I don't see any matches:
    rt1#sh route-map
    route-map WAN_LINK_A, permit, sequence 1
    Match clauses:
    ip address (access-lists): ACL_NAT_FILTER
    interface FastEthernet0
    Set clauses:
    Policy routing matches: 0 packets, 0 bytes
    route-map WAN_LINK_B, permit, sequence 1
    Match clauses:
    ip address (access-lists): ACL_NAT_FILTER
    interface Dialer1
    Set clauses:
    Policy routing matches: 0 packets, 0 bytes

    If this is correct, can someone explain the logic behind what the route map is doing in this instance?

    Thanks

  • #2
    Re: Route Maps & NAT

    The set command in a "NAT" route map does nothing. You would use the set command when doing policy routing to "set" the outgoing interface. All it says is that any traffic matching the ACL forward it out the match "interface" interface. This implies there is also a route in the routing table specifying that outgoing interface as well as that interface having the ip nat outside command. You could also use the match ip next-hop if you knew the next hop router.

    Don't get confused with NAT route-maps and Policy Based Routing. All we are doing with this is saying what must be natted and the forwarding interface.
    Last edited by auglan; 5th March 2012, 18:59.
    CCNA, CCNA-Security, CCNP
    CCIE Security (In Progress)
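
The rule selection described in the reply above, modelled in Python as an added example (not part of the original thread and not Cisco code): it evaluates the posted ACL_NAT_FILTER with first-match wildcard semantics and picks the route-map whose `match interface` equals the egress interface that routing has already chosen. The function names are hypothetical, and the model is a simplification that leaves out the two static NAT entries.

```python
import ipaddress

# ACL_NAT_FILTER from the post: (action, src, src_wildcard, dst, dst_wildcard).
# None stands for "any".
ACL_NAT_FILTER = [
    ("deny",   "192.168.70.0", "0.0.0.255", "192.168.26.0", "0.0.0.31"),
    ("deny",   "192.168.70.0", "0.0.0.255", "192.168.10.0", "0.0.0.255"),
    ("deny",   None,           None,        "192.168.26.0", "0.0.0.31"),
    ("permit", "192.168.70.0", "0.0.0.255", None,           None),
    ("permit", "192.168.80.0", "0.0.0.15",  None,           None),
]

# Dynamic NAT rules from the post, in config order: (route-map, match interface).
# Assumption: the static "extendable" entries are omitted from this model.
NAT_RULES = [("WAN_LINK_A", "FastEthernet0"), ("WAN_LINK_B", "Dialer1")]


def wildcard_match(addr, base, wildcard):
    """IOS wildcard semantics: bits set in the wildcard mask are ignored."""
    if base is None:  # "any"
        return True
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return (a | w) == (b | w)


def acl_permits(src, dst, acl=ACL_NAT_FILTER):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, s, sw, d, dw in acl:
        if wildcard_match(src, s, sw) and wildcard_match(dst, d, dw):
            return action == "permit"
    return False


def select_nat_rule(src, dst, egress_interface):
    """Return the route-map whose ACL and interface clauses both match, else None.

    egress_interface is what the routing table already selected; the route-map
    only tests it and never steers the packet (that would be policy routing).
    """
    for name, interface in NAT_RULES:
        if interface == egress_interface and acl_permits(src, dst):
            return name
    return None  # packet is forwarded without translation by these rules
```

A packet denied by the ACL or leaving through any other interface returns `None`, meaning neither overload rule translates it.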
