10-08-2012 01:47 PM - edited 03-04-2019 05:47 PM
I am currently using a PAT overload statement to get public addresses on internet traffic.
interface GigabitEthernet0/0.1
 encapsulation dot1Q 1 native
 ip address 10.140.0.1 255.255.254.0
 ip flow ingress
 ip flow egress
 ip nat inside
 ip virtual-reassembly
interface GigabitEthernet0/0.3
 description Outside Interface
 encapsulation dot1Q 3
 ip address 64.22.229.210 255.255.255.248
 ip access-group inbound_reflexive_fw_acl in
 ip access-group outbound_reflexive_fw_acl out
 ip flow ingress
 ip flow egress
 ip nat outside
 ip virtual-reassembly
 no cdp enable
 crypto map Tunnel_to_MarkIV
ip nat inside source list No_Nat_ACL interface GigabitEthernet0/0.3 overload
But now they also want to NAT one address for the video conference unit 10.140.0.8 to 64.22.229.214.
When I put in a static NAT line - ip nat inside source static 10.140.0.8 64.22.229.214 - I still can't get out to the internet for a video conference.
10-08-2012 03:34 PM
Hi Ron,
Using PAT and NAT like you did should be supported and should work. A couple of questions and hints:
Best regards,
Peter
10-09-2012 01:12 PM
Peter,
Thanks for your help. The No_Nat_ACL is where I have all of my deny statements for traffic inside our company and then an allow to NAT the rest. This is where I used your tip to deny the static NAT and it was working.
I already allowed traffic from the internet to this public address that then gets NATed to the private address.
Thanks again,
Ron
10-09-2012 11:05 PM
Hi Ron,
So adding the static translation as a deny statement to the ACL helped?
By the way, I hope the No_Nat_ACL does not have a permit ip any any at its end. This would be a configuration that is claimed as unsupported by Cisco. Can you perhaps post the ACL here?
Best regards,
Peter
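The two ACL points raised in this thread (excluding the statically translated host from the PAT ACL, and avoiding a trailing permit ip any any) can be checked offline against a saved configuration. The Python check below is an added example, not code from any poster; the body of No_Nat_ACL was never posted, so the ACL entries in SAMPLE_CONFIG are constructed, and audit_pat_acl is a hypothetical helper name.

```python
import ipaddress
import re

# Constructed sample. The two "ip nat" lines are from the thread; the ACL body
# was never posted, so its entries (10.0.0.0/8 as "inside the company") are assumed.
SAMPLE_CONFIG = """\
ip nat inside source list No_Nat_ACL interface GigabitEthernet0/0.3 overload
ip nat inside source static 10.140.0.8 64.22.229.214
ip access-list extended No_Nat_ACL
 deny ip 10.140.0.0 0.0.1.255 10.0.0.0 0.255.255.255
 permit ip any any
"""

def _source(tokens):
    """Split an entry (after 'action proto') into (source network, destination tokens)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1]), tokens[2:]
    # "address wildcard": ipaddress accepts contiguous wildcard masks as host masks
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False), tokens[2:]

def audit_pat_acl(config):
    """Return findings for the ACL referenced by the PAT overload statement."""
    pat = re.search(r"^ip nat inside source list (\S+) .*overload", config, re.M)
    if not pat:
        return ["no PAT overload statement found"]
    acl, findings = pat.group(1), []
    statics = re.findall(r"^ip nat inside source static (\S+) \S+", config, re.M)
    entries, in_acl = [], False
    for line in config.splitlines():
        if line.startswith("ip access-list extended "):
            in_acl = line.split()[-1] == acl
        elif in_acl and line.startswith(" "):
            if line.split()[0] in ("permit", "deny"):
                entries.append(line.split())
        else:
            in_acl = False
    if ["permit", "ip", "any", "any"] in entries:
        findings.append(f"{acl}: contains 'permit ip any any'")
    for host in statics:
        addr = ipaddress.ip_address(host)
        for action, _proto, *rest in entries:
            src, dst = _source(rest)
            # First entry that decides this host's internet-bound traffic wins
            if addr in src and (action == "permit" or dst == ["any"]):
                if action == "permit":
                    findings.append(f"{acl}: static NAT host {host} also matches PAT")
                break
    return findings
```

On the constructed sample it reports both conditions; an ACL that starts with `deny ip host 10.140.0.8 any` and ends with a source-specific permit returns no findings.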