Quick NAT question

amadeusri · ‎11-05-2007

I am implementing a new network and ip subnet where I work. The problem is that one User needs to have a static IP to our mother corporation but I cannot get the static NAT to work. My question is, will having this;

nat (inside) 1 10.1.0.0 255.255.0.0

With multiple addresses for PAT conflict with this static NAT;

static (outside,inside) 198.182.113.70 10.1.90.50 netmask 255.255.255.255

and if so does anyone have any suggestions on how I can work around this?

emallette · ‎11-06-2007

My recollection is - it's been a while - that the PAT rule takes precedence, so you will need to use an ACL to deny the 10.1.90.50/32 host then permit the 10.1.0.0/16 net.

Such as:

Overload rule:

access-list overload deny 10.1.90.50

access-list overload permit 10.1.0.0 255.255.0.0

Then build your nat rules

nat (inside) 1 access-list overload

Lastly build your static rule.

Think that should do it; I don't have a Pix in front of me right now to try it on.

ajagadee · ‎11-06-2007

The static (outside,inside) 198.182.113.70 10.1.90.50 netmask 255.255.255.255 should be

static (inside, outside) 198.182.113.70 10.1.90.50 netmask 255.255.255.255.

Do a clear xlate after you configure the static NAT and test it.

Regards,

Arul