Add a route-map to an "ip nat inside source static" statement

Posted on 2007-10-12
Last Modified: 2012-05-05
I are trying to add a route-map statement to a nat statement.  We have a Cisco 2811 firewall/router.  I initiall added the "ip nat inside source static statement using the GUI SDM configuration tool.  When it was loaded it didn't show the route-map statement (see example below of one with the map and the one I added without the map) or allow me to add or edit it to include the statement.  So I tried to telenet into the router and can't see how to do this.  I am a novice doing this.  Please be very specific in responding and please don't assume I have any specific knowlege.  
See example is below:
ip nat inside source static route-map nonat-static
ip nat inside source static
Question by:sfletcher1959
    LVL 32

    Expert Comment

    What is that you want this route-map to do ? In other words what are you trying to achieve?

    LVL 79

    Accepted Solution

    Your syntax is off a little bit.
    Here's what it should look like:

    access-list 101 deny ip host any
    access-list 101 deny ip host any
    access-list 101 permit ip any

    route-map nonat-static permit 10
     match address 101
    ip nat inside source route-map nonat-static overload
    ip nat inside source static
    ip nat inside source static

    Author Comment

    The syntax of course depends on the IOS version.  The statement I have included was cut directly from our existing configuration.  In that configuration the IP address that ends in .69, works perfectly.  I appreciate the responses, but was able to modify the statement to add the route-map as indicated above and it is now working.  Thanks for taking the time to try and help me.
    LVL 1

    Expert Comment


    Can I ask if you can share what you did to make this work?  I am having similar issues with our router where I have to publish our MS Exchange server to one of our Public IPs.  But using a standard 1-to-1 Static NAT command does not allow my dynamic VPN (road warrior) clients to utilize the Exchange server when they VPN-in using their Cisco VPN client.  My LAN is a 192.168.0.X network and I give my Dynamic VPN clients a 172.16.0.X IP.  The Dynamic VPN users use the same router as their VPN endpoint as well.  Thanks.


    Featured Post

    Do You Know the 4 Main Threat Actor Types?

    Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

    Join & Write a Comment

    Suggested Solutions

    If you have an ASA5510 then this sort of thing would be better handled with a CSC Module, however on an ASA5505 thats not an option, and if you want to throw in a quick solution to stop your staff going to facebook during work time, then this is the…
    From Cisco ASA version 8.3, the Network Address Translation (NAT) configuration has been completely redesigned and it may be helpful to have the syntax configuration for both at a glance. You may as well want to read official Cisco published AS…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
    After creating this article (, I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

    746 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    16 Experts available now in Live!

    Get 1:1 Help Now