Cisco PBR with routed IP block

In situations where customers have a routed block, traffic is sometimes required to originate from particular IP addresses within that block. In the example below we will assume the internal host is required to go out via the public IP

1. Create ACL and Route-map

ip access-list extended TESTacl
 permit ip host

route-map TESTmap permit 10
 match ip address TESTacl

2. Create NAT pool

ip nat pool TESTpool netmask

3. Create NAT statement

ip nat inside source route-map TESTmap pool TESTpool overload

4. Deny the host in the ACL used by the original NAT statement; let’s assume we have an ACL CORP-LAN which has a simple permit any (line 10). The ACL would be modified to read:




To test, you can perform a simple whatismyip check, or, if you’d like to ensure certain ports are going out the right WAN IP, you can telnet to another Cisco unit and check the NAT translations.
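The four steps above as one complete configuration, added here as an example and not taken from the original post. All addresses, the GENpool name, the original NAT statement and the interface names are constructed: 10.0.0.10 is the internal host, 203.0.113.5 is the public IP it must use, 203.0.113.1 is the shared address used by the existing CORP-LAN rule (RFC 5737 documentation range).

```cisco
! Constructed example: host 10.0.0.10 must leave via 203.0.113.5
! Step 1: ACL identifies the host; the route-map ties the ACL to a NAT rule
ip access-list extended TESTacl
 permit ip host 10.0.0.10 any
!
route-map TESTmap permit 10
 match ip address TESTacl
!
! Step 2: single-address pool holding the public IP the host must use
ip nat pool TESTpool 203.0.113.5 203.0.113.5 netmask 255.255.255.248
!
! Step 3: route-map driven NAT, PAT (overload) on that one address
ip nat inside source route-map TESTmap pool TESTpool overload
!
! Step 4: existing general NAT rule (assumed) keyed on CORP-LAN. The deny
! needs a lower sequence number than the permit any; otherwise the host
! still matches this rule and can be translated to the shared address
ip access-list extended CORP-LAN
 5 deny ip host 10.0.0.10 any
 10 permit ip any any
!
ip nat pool GENpool 203.0.113.1 203.0.113.1 netmask 255.255.255.248
ip nat inside source list CORP-LAN pool GENpool overload
!
interface GigabitEthernet0/0
 description LAN (assumed name)
 ip address 10.0.0.1 255.255.255.0
 ip nat inside
!
interface GigabitEthernet0/1
 description WAN (assumed name)
 ip address 203.0.113.2 255.255.255.248
 ip nat outside
!
! Verification: translations for 10.0.0.10 should list 203.0.113.5 as
! the Inside global address; all other hosts should show 203.0.113.1
! show ip nat translations | include 10.0.0.10
! show ip nat statistics
```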
