I have a weird situation and am trying to find an answer for it...
In my NAT ACL, if I put a host as the destination, NAT works and the destination is reachable; however, if I use the network, I can't get out to the destination! No match will appear on my statement in the ACL and no NAT will appear in sh ip nat tr.
Here is the config (only two hosts 184.108.40.206 and 220.127.116.11 are reachable and nothing on network 18.104.22.168/22):
ip address 10.23.254.1 255.255.255.128
ip nat inside
no ip redirects
no ip unreachables
no ip proxy-arp
ip address dhcp
ip nat outside
ip virtual-reassembly in
ip access-list extended AW-nat
deny ip 10.23.254.0 0.0.0.255 10.0.0.0 0.255.255.255
deny ip 10.23.254.0 0.0.0.255 172.16.0.0 0.15.255.255
deny ip 10.23.254.0 0.0.0.255 192.168.0.0 0.0.255.255
permit ip 10.23.254.0 0.0.0.255 host 22.214.171.124
permit ip 10.23.254.0 0.0.0.255 126.96.36.199 0.0.3.255 log
permit ip 10.23.254.0 0.0.0.255 host 188.8.131.52
ip nat inside source list AW-nat interface FastEthernet8 overload
ip route 184.108.40.206 255.255.252.0 FastEthernet8 dhcp
Any ideas, please? The test is done on a Cisco 891 router.
The best way to do your task is:
Select the source networks which you want to be NATed in the NAT ACL, and if you don't want some host to access some destination, use a different inbound ACL filter on interface vlan 20.
Did you configure the NAT on the switch? What is the model of the switch, and do you have ip routing enabled for that?
I don't see any issues with the configuration.
Just remove the "log" keyword at the end of the ACE for the network 220.127.116.11/22. The log keyword won't work with PBR either.
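The last reply's advice, turned into a config check. This is an added example, not part of the thread: it scans an IOS-style config for named ACLs referenced by `ip nat inside source list` and reports any entry ending in `log`. The sample config is constructed with documentation addresses, the function names are hypothetical, and numbered ACLs are not handled.

```python
import re

# Constructed sample config (documentation addresses, not the poster's values).
SAMPLE_CONFIG = """\
ip access-list extended AW-nat
 deny ip 10.23.254.0 0.0.0.255 10.0.0.0 0.255.255.255
 permit ip 10.23.254.0 0.0.0.255 host 192.0.2.10
 permit ip 10.23.254.0 0.0.0.255 198.51.100.0 0.0.3.255 log
ip access-list extended MGMT-in
 permit tcp any host 192.0.2.1 eq 22 log
ip nat inside source list AW-nat interface FastEthernet8 overload
"""

def parse_named_acls(config):
    """Return {acl_name: [ace, ...]} for named ACLs in an IOS-style config."""
    acls, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        header = re.match(r"ip access-list (?:standard|extended) (\S+)$", line)
        entry = re.match(r"(?:\d+ )?(permit|deny|remark)\b", line)
        if header:
            current = acls.setdefault(header.group(1), [])
        elif current is not None and entry:
            if entry.group(1) != "remark":  # remarks are comments, not ACEs
                current.append(line)
        else:
            current = None  # any other line ends the ACL block
    return acls

def nat_acl_names(config):
    """Names of ACLs referenced by 'ip nat inside source list <name> ...'."""
    return set(re.findall(r"^\s*ip nat inside source list (\S+)", config, re.M))

def find_logged_nat_aces(config):
    """List (acl, ace) pairs where a NAT-referenced ACE ends in log/log-input."""
    acls = parse_named_acls(config)
    hits = []
    for name in sorted(nat_acl_names(config)):
        for ace in acls.get(name, []):
            if re.search(r"\blog(-input)?$", ace):
                hits.append((name, ace))
    return hits

if __name__ == "__main__":
    for name, ace in find_logged_nat_aces(SAMPLE_CONFIG):
        print(f"{name}: remove 'log' from: {ace}")
```

The `MGMT-in` entry also ends in `log` but is not reported, because that ACL is not referenced by a NAT statement.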