IP Nat conflict question

nemiath76
Level 1

Greetings,

I have a question regarding the ip nat inside command, which may explain an issue I am facing with a client.

Suppose we have:

ip nat inside source list 101 interface Dialer1 overload
ip nat inside source static 10.0.0.250 87.202.212.131 route-map NO_NAT
ip nat inside source static 10.0.0.20 87.202.212.132 route-map NO_NAT
ip nat inside source static 10.0.0.60 87.202.212.133
ip nat inside source static 10.0.0.11 87.202.212.134
access-list 101 deny   ip host 10.0.0.30 any
access-list 101 deny   ip 10.254.104.0 0.0.0.255 192.168.146.0 0.0.0.255
access-list 101 deny   ip 10.0.0.0 0.0.0.255 10.254.104.0 0.0.0.255
access-list 101 deny   ip 10.0.0.0 0.0.0.255 10.22.30.0 0.0.1.255
access-list 101 permit ip 10.0.0.0 0.0.0.255 any

and:

route-map NO_NAT deny 10
 match ip address no_nat
!
route-map NO_NAT permit 20
ip access-list extended no_nat
 permit ip 10.0.0.0 0.0.0.255 10.254.104.0 0.0.0.255
 permit ip 10.254.104.0 0.0.0.255 192.168.146.0 0.0.0.255

in a configuration where 10.0.0.250 87.202.212.131 is the translation of the internal Exchange address to the public mail IP, would the ip nat inside source list 101 interface Dialer1 overload conflict with the 1-to-1 map, since the 101 list includes the 10.0.0.250 address?

I am trying to figure out why the Exchange exits via the Dialer1 IP instead of the mapped one (which results in spam positives for the recipients).

SOLVED


Rahul Kukreja
Level 1

Hi,

I would suggest you take a look at this defect: CSCsh21456

Overall precedence looks like:

1) Static NAT without Route-maps
2) Dynamic NAT without Route-maps
3) Dynamic NAT with Route-maps
4) Static NAT with Route-maps

The defect is junked as this is day-1 behavior for sorting logic.

Regards,

Rahul

nemiath76
Level 1

I figured it out. The problem was caused by an access-list error.

Access list 101 includes the entire 10.0.0.0/24, where 10.0.0.250 should be excluded in order to only match the static NAT entry.

I inserted a deny 10.0.0.250 at the top of the 101 ACL and the problem is fixed.
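
An added example, not part of the thread and not Cisco tooling: a Python check that reads the NAT and ACL 101 lines posted above (embedded as constructed sample input) and lists the inside hosts that have a route-map static NAT but whose Internet-bound traffic the overload ACL also permits, which is the overlap the original poster found. The function names, the documentation address 198.51.100.25 standing in for an Internet destination, and the restriction to "access-list N permit|deny ip src dst" entries are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample: the NAT and ACL 101 lines from the configuration in the thread.
CONFIG = """\
ip nat inside source list 101 interface Dialer1 overload
ip nat inside source static 10.0.0.250 87.202.212.131 route-map NO_NAT
ip nat inside source static 10.0.0.20 87.202.212.132 route-map NO_NAT
ip nat inside source static 10.0.0.60 87.202.212.133
ip nat inside source static 10.0.0.11 87.202.212.134
access-list 101 deny   ip host 10.0.0.30 any
access-list 101 deny   ip 10.254.104.0 0.0.0.255 192.168.146.0 0.0.0.255
access-list 101 deny   ip 10.0.0.0 0.0.0.255 10.254.104.0 0.0.0.255
access-list 101 deny   ip 10.0.0.0 0.0.0.255 10.22.30.0 0.0.1.255
access-list 101 permit ip 10.0.0.0 0.0.0.255 any
"""

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def take_spec(tokens):  # pop one ACL address spec, return (base, wildcard) as integers
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return ip_int(tokens.pop(0)), 0
    return ip_int(first), ip_int(tokens.pop(0))

def spec_matches(addr, spec):
    return ((addr ^ spec[0]) & ~spec[1] & 0xFFFFFFFF) == 0  # compare non-wildcard bits only

def acl_permits(config, number, src, dst):
    """First-match evaluation of a numbered extended ACL's 'ip' entries; implicit deny at the end."""
    for line in config.splitlines():
        t = line.split()
        if len(t) > 4 and t[:2] == ["access-list", number] and t[3] == "ip":
            rest = t[4:]
            src_spec, dst_spec = take_spec(rest), take_spec(rest)
            if spec_matches(ip_int(src), src_spec) and spec_matches(ip_int(dst), dst_spec):
                return t[2] == "permit"
    return False

def statics_caught_by_overload(config, dst="198.51.100.25"):
    """Hosts with a route-map static NAT whose traffic to dst (assumed Internet host) the overload ACL permits."""
    overload = re.search(r"^ip nat inside source list (\d+) interface \S+ overload", config, re.M)
    if not overload:
        return []
    statics = re.findall(r"^ip nat inside source static (\S+) \S+ route-map \S+", config, re.M)
    return [host for host in statics if acl_permits(config, overload.group(1), host, dst)]
```

For the posted configuration the check returns 10.0.0.250 and 10.0.0.20; with a deny for host 10.0.0.250 placed first in ACL 101, only 10.0.0.20 remains.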
