IP Addressing: NAT Configuration Guide, Cisco IOS Release 15M&T
NAT Routemaps Outside-to-Inside Support

The NAT Routemaps Outside-to-Inside Support feature enables you to configure a NAT route map that allows IP sessions to be initiated from outside the network to inside the network.

This module explains how to configure the NAT Routemaps Outside-to-Inside Support feature.

Restrictions for NAT Route Maps Outside-to-Inside Support

  • Only IP hosts that are part of a route map configuration will allow outside sessions.
  • Outside-to-inside support is not available with Port Address Translation (PAT).
  • Outside sessions must use an access list.
  • Access lists with reversible route maps must be configured to match the inside-to-outside traffic.
  • The match interface and match ip next-hop commands are not supported for reversible route maps.

Information About NAT Route Maps Outside-to-inside Support

Route Maps Outside-to-Inside Support Design

An initial session from the inside host to the outside host is required to trigger a NAT translation. New translation sessions can then be initiated from the outside to the inside host that triggered the initial translation.

When route maps are used to allocate global addresses, the global address can allow return traffic, but only if the return traffic matches the defined route map in the reverse direction. Unless you configure the reversible keyword with the ip nat inside source command, the outside-to-inside functionality remains unchanged: no additional entries are created to allow the return traffic for a route-map-based dynamic entry.

Note

  • Access lists with reversible route maps must be configured to match the inside-to-outside traffic.
  • Only IP hosts that are part of the route-map configuration will allow outside sessions.
  • Outside-to-inside support is not available with PAT.
  • Outside sessions must use an access list.
  • The match interface and match ip next-hop commands are not supported for reversible route maps.
  • Reversible route maps are not supported for static NAT.

SUMMARY STEPS

    1. enable
    2. configure terminal
    3. ip nat pool name start-ip end-ip netmask netmask
    4. ip nat inside source route-map name pool name reversible
    5. exit


DETAILED STEPS

    Step 1
    Command or Action: enable
    Example: Router> enable
    Purpose: Enables privileged EXEC mode. Enter your password if prompted.

    Step 2
    Command or Action: configure terminal
    Example: Router# configure terminal
    Purpose: Enters global configuration mode.

    Step 3
    Command or Action: ip nat pool name start-ip end-ip netmask netmask
    Example: Router(config)# ip nat pool POOL-A 192.168.201.4 192.168.201.6 netmask 255.255.255.128
    Purpose: Defines a pool of network addresses for NAT.

    Step 4
    Command or Action: ip nat inside source route-map name pool name reversible
    Example: Router(config)# ip nat inside source route-map MAP-A pool POOL-A reversible
    Purpose: Enables outside-to-inside initiated sessions to use route maps for destination-based NAT.

    Step 5
    Command or Action: exit
    Example: Router(config)# exit
    Purpose: Exits global configuration mode and enters privileged EXEC mode.

    How to Enable NAT Route Maps Outside-to-inside Support

    Enabling NAT Route Maps Outside-to-Inside Support

    The NAT Route Maps Outside-to-Inside Support feature enables you to configure a Network Address Translation (NAT) route map configuration that will allow IP sessions to be initiated from the outside to the inside. Perform this task to enable the NAT Route Maps Outside-to-Inside Support feature.

    SUMMARY STEPS

      1. enable
      2. configure terminal
      3. ip nat pool name start-ip end-ip netmask netmask
      4. ip nat pool name start-ip end-ip netmask netmask
      5. ip nat inside source route-map name pool name [reversible]
      6. ip nat inside source route-map name pool name [reversible]
      7. end


    DETAILED STEPS

      Step 1
      Command or Action: enable
      Example: Device> enable
      Purpose: Enables privileged EXEC mode. Enter your password if prompted.

      Step 2
      Command or Action: configure terminal
      Example: Device# configure terminal
      Purpose: Enters global configuration mode.

      Step 3
      Command or Action: ip nat pool name start-ip end-ip netmask netmask
      Example: Device(config)# ip nat pool POOL-A 192.168.201.4 192.168.201.6 netmask 255.255.255.128
      Purpose: Defines a pool of network addresses for NAT.

      Step 4
      Command or Action: ip nat pool name start-ip end-ip netmask netmask
      Example: Device(config)# ip nat pool POOL-B 192.168.201.7 192.168.201.9 netmask 255.255.255.128
      Purpose: Defines a pool of network addresses for NAT.

      Step 5
      Command or Action: ip nat inside source route-map name pool name [reversible]
      Example: Device(config)# ip nat inside source route-map MAP-A pool POOL-A reversible
      Purpose: Enables outside-to-inside initiated sessions to use route maps for destination-based NAT.

      Step 6
      Command or Action: ip nat inside source route-map name pool name [reversible]
      Example: Device(config)# ip nat inside source route-map MAP-B pool POOL-B reversible
      Purpose: Enables outside-to-inside initiated sessions to use route maps for destination-based NAT.

      Step 7
      Command or Action: end
      Example: Device(config)# end
      Purpose: (Optional) Exits global configuration mode and returns to privileged EXEC mode.

      Configuration Examples for NAT Route Maps Outside-to-inside Support

      Example: Enabling NAT Route Maps Outside-to-Inside Support

      The following example shows how to configure route map A and route map B to allow outside-to-inside translation for a destination-based Network Address Translation (NAT):

      ip nat pool POOL-A 192.168.201.4 192.168.201.6 netmask 255.255.255.128
      ip nat pool POOL-B 192.168.201.7 192.168.201.9 netmask 255.255.255.128
      ip nat inside source route-map MAP-A pool POOL-A reversible
      ip nat inside source route-map MAP-B pool POOL-B reversible

      Feature Information for NAT Route Maps Outside-to-Inside Support

      The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

      Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

      Table 1 Feature Information for NAT Route Maps Outside-to-Inside Support

      Feature Name: NAT Route Maps Outside-to-Inside Support
      Releases: 12.3(14)T
      Feature Information: The NAT Route Maps Outside-to-Inside Support feature enables you to configure a NAT route map configuration that allows IP sessions to be initiated from the outside to the inside. The following command was introduced or modified: ip nat inside.