Operation confirmation environment
- C891FJ-K9
- Version 15.8(3)M9
“add-route” option in NAT
If you specify the add-route option in the ip nat outside source configuration that translates the outside address, a static route to the outside local address with the next hop address as the outside global address is automatically installed in the routing table.
For example, if you have the following static NAT settings:
ip nat outside source static 10.0.1.10 10.0.2.100 add-routeThen the following static routes will be installed.
S 10.0.2.100/32 [1/0] via 10.0.1.10However, there are cases where the static route is not installed even if the add-route option is specified. I will explain below.
Cases where static routes are not installed
Consider the following network configuration.
An outside static nat that translates the address 10.0.1.10 of PC-B to 10.0.2.100 is set on the NAT Router and the add-route option is specified.
The NAT Router config looks like this: (* excerpt from related configuration)
interface FastEthernet0
ip address 10.0.0.254 255.255.255.0
ip nat outside
!
interface GigabitEthernet8
ip address 10.0.2.1 255.255.255.0
ip nat inside
!
ip nat outside source static 10.0.1.10 10.0.2.100 add-route
ip route 0.0.0.0 0.0.0.0 10.0.0.1The routing table of the NAT Router at this time is as follows.
S* 0.0.0.0/0 [1/0] via 10.0.0.1
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.0.0.0/24 is directly connected, FastEthernet0
L 10.0.0.254/32 is directly connected, FastEthernet0
C 10.0.2.0/24 is directly connected, GigabitEthernet8
L 10.0.2.1/32 is directly connected, GigabitEthernet8I have specified add-route in my outside static nat configuration, so I expected the following routes to be installed, but they are not.
S 10.0.2.100/32 [1/0] via 10.0.1.10[Cause] If there is no route to outside global, it will not be installed
Even if add-route is specified, the route will not be installed unless there is a route to the outside global address which is the next hop address of the route added by the outside static nat setting.
In the above example, 10.0.1.10 is the outside global address, so if there is no route to 10.0.1.10, add-route will not install a static route.
[Note] The default route is not subject to judgment
In the above example, the NAT Router has a default route set, so you might think that there is an address destined for 10.0.1.10, which is the outside global address of the NAT settings, but the default route is this. It will not be included in the judgment, and a separate route will be required.
[Solution] Set a static route to outside global
This can be resolved by setting a static route with destination outside global. For example, set the following static route on the NAT Router.
ip route 10.0.1.10 255.255.255.255 10.0.0.1*The destination is set to /32 above, but /24 etc. is also OK.
After configuring the above, the routing table looks like this:
S* 0.0.0.0/0 [1/0] via 10.0.0.1
10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
C 10.0.0.0/24 is directly connected, FastEthernet0
L 10.0.0.254/32 is directly connected, FastEthernet0
S 10.0.1.10/32 [1/0] via 10.0.0.1
C 10.0.2.0/24 is directly connected, GigabitEthernet8
L 10.0.2.1/32 is directly connected, GigabitEthernet8
S 10.0.2.100/32 [1/0] via 10.0.1.10The following routes are installed which are expected to be added in the outside static nat configuration.
S 10.0.2.100/32 [1/0] via 10.0.1.10
Comments