NAT Routemaps Outside-to-Inside Support
Restrictions for NAT Route Maps Outside-to-Inside Support
Information About NAT Route Maps Outside-to-inside Support
- Route Maps Outside-to-Inside Support Design
How to Enable NAT Route Maps Outside-to-inside Support
- Enabling NAT Route Maps Outside-to-Inside Support
Configuration Examples for NAT Route Maps Outside-to-inside Support
- Example: Enabling NAT Route Maps Outside-to-Inside Support
Additional References for NAT Route Maps Outside-to-Inside Support
Feature Information for NAT Route Maps Outside-to-Inside Support

NAT Routemaps Outside-to-Inside Support

The NAT Routemaps Outside-to-Inside Support feature enables you to configure a NAT routemap configuration that allows IP sessions to be initiated from outside the network to inside the network.

This module explains how to configure the NAT Routemaps Outside-to-Inside Support feature.

Restrictions for NAT Route Maps Outside-to-Inside Support

Only IP hosts that are part of a route map configuration will allow outside sessions.
Outside-to-inside support is not available with Port Address Translation (PAT).
Outside sessions must use an access list.
Access lists with reversible route maps must be configured to match the inside-to-outside traffic.
The match interface and match next-hop commands are not supported for reversible route maps.

Information About NAT Route Maps Outside-to-inside Support

Route Maps Outside-to-Inside Support Design

An initial session from the inside to the outside host is required to trigger a NAT. New translation sessions can then be initiated from outside to the inside host that triggered the initial translation.

When route maps are used to allocate global addresses, the global address can allow return traffic, and the return traffic is allowed only if the return traffic matches the defined route map in the reverse direction. The outside-to-inside functionality remains unchanged (by not creating additional entries to allow the return traffic for a route-map-based dynamic entry) unless you configure the reversible keyword with the ip nat inside source command.

Note

Access lists with reversible route maps must be configured to match the inside-to-outside traffic.
Only IP hosts that are part of the route-map configuration will allow outside sessions.
Outside-to-inside support is not available with PAT.
Outside sessions must use an access list.
The match interface and match ip next-hop commands are not supported for reversible route maps.
Reversible route maps are not supported for static NAT.

SUMMARY STEPS

enable
configure terminal
ip nat pool name start-ip end-ip netmask netmask
ip nat inside source route-map name pool name reversible
exit

DETAILED STEPS

	Command or Action	Purpose
Step 1	enable Example: `Router> enable`	Enables privileged EXEC mode. Enter your password if prompted.
Step 2	configure terminal Example: `Router(config)# configure terminal`	Enters global configuration mode.
Step 3	ip nat pool `name` `start-ip` `end-ip` netmask `netmask` Example: `Router(config)# ip nat pool POOL-A 192.168.201.4 192.168.201.6 netmask 255.255.255.128`	Defines a pool of network addresses for NAT.
Step 4	ip nat inside source route-map `name` pool `name` reversible Example: `Router(config)# ip nat inside source route-map MAP-A pool POOL-A reversible`	Enables outside-to-inside initiated sessions to use route maps for destination-based NAT.
Step 5	exit Example: `Router(config)# exit`	Exits global configuration mode and enters privileged EXEC mode.

How to Enable NAT Route Maps Outside-to-inside Support

Enabling NAT Route Maps Outside-to-Inside Support

The NAT Route Maps Outside-to-Inside Support feature enables you to configure a Network Address Translation (NAT) route map configuration. It allows IP sessions to be initiated from the outside to the inside. Perform this task to enable the NAT Route Maps Outside-to-Inside Support feature.

SUMMARY STEPS

enable
configure terminal
ip nat pool name start-ip end-ip netmask netmask
ip nat pool name start-ip end-ip netmask netmask
ip nat inside source route-map name pool name [reversible ]
ip nat inside source route-map name pool name [reversible ]
end

DETAILED STEPS

	Command or Action	Purpose
Step 1	enable Example: `Device> enable`	Enables privileged EXEC mode. Enter your password if prompted.
Step 2	configure terminal Example: `Device(config)# configure terminal`	Enters global configuration mode.
Step 3	ip nat pool `name` `start-ip` `end-ip` netmask `netmask` Example: `Device(config)# ip nat pool POOL-A 192.168.201.4 192.168.201.6 netmask 255.255.255.128`	Defines a pool of network addresses for NAT.
Step 4	ip nat pool `name` `start-ip` `end-ip` netmask `netmask` Example: `Device(config)# ip nat pool POOL-B 192.168.201.7 192.168.201.9 netmask 255.255.255.128`	Defines a pool of network addresses for NAT.
Step 5	ip nat inside source route-map `name` pool `name` [reversible ] Example: `Device(config)# ip nat inside source route-map MAP-A pool POOL-A reversible`	Enables outside-to-inside initiated sessions to use route maps for destination-based NAT.
Step 6	ip nat inside source route-map `name` pool `name` [reversible ] Example: `Device(config)# ip nat inside source route-map MAP-B pool POOL-B reversible`	Enables outside-to-inside initiated sessions to use route maps for destination-based NAT.
Step 7	end Example: `Device(config)# end`	(Optional) Exits global configuration mode and returns to privileged EXEC mode.

Configuration Examples for NAT Route Maps Outside-to-inside Support

Example: Enabling NAT Route Maps Outside-to-Inside Support

The following example shows how to configure a route map A and route map B to allow outside-to-inside translation for a destination-based Network Address Translation (NAT):

ip nat pool POOL-A 192.168.201.4 192.168.201.6 netmask 255.255.255.128
ip nat pool POOL-B 192.168.201.7 192.168.201.9 netmask 255.255.255.128
ip nat inside source route-map MAP-A pool POOL-A reversible
ip nat inside source route-map MAP-B pool POOL-B reversible

Additional References for NAT Route Maps Outside-to-Inside Support

Related Topic	Document Title
Cisco IOS commands	Cisco IOS Master Command List, All Releases
NAT commands	Cisco IOS <<Technology>> Command Reference

Technical Assistance


Description	Link
The Cisco Support and Documentation website provides online resources to download documentation, software, and tools. Use these resources to install and configure the software and to troubleshoot and resolve technical issues with Cisco products and technologies. Access to most tools on the Cisco Support and Documentation website requires a Cisco.com user ID and password.	http://www.cisco.com/cisco/web/support/index.html

Feature Information for NAT Route Maps Outside-to-Inside Support

The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.

Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.

Table 1. Feature Information for NAT Route Maps Outside-to-Inside Support
Feature Name	Releases	Feature Information
NAT Route Maps Outside-to-Inside Support	12.3(14)T	The NAT Route Maps Outside-to-Inside Support feature enables you to configure a NAT route map configuration that allows IP sessions to be initiated from the outside to the inside. The following command was introduced or modified: ip nat inside .

IP Addressing: NAT Configuration Guide, Cisco IOS Release 15M&T

Bias-Free Language

Book Title

IP Addressing: NAT Configuration Guide, Cisco IOS Release 15M&T

Chapter Title