cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
146
Views
0
Helpful
2
Replies
amadeusri
Beginner

Quick NAT question

I am implementing a new network and ip subnet where I work. The problem is that one User needs to have a static IP to our mother corporation but I cannot get the static NAT to work. My question is, will having this;

nat (inside) 1 10.1.0.0 255.255.0.0

With multiple addresses for PAT conflict with this static NAT;

static (outside,inside) 198.182.113.70 10.1.90.50 netmask 255.255.255.255

and if so does anyone have any suggestions on how I can work around this?

2 REPLIES 2
emallette
Beginner

My recollection is - it's been a while - that the PAT rule takes precedence, so you will need to use an ACL to deny the 10.1.90.50/32 host then permit the 10.1.0.0/16 net.

Such as:

Overload rule:

access-list overload deny 10.1.90.50

access-list overload permit 10.1.0.0 255.255.0.0

Then build your nat rules

nat (inside) 1 access-list overload

Lastly build your static rule.

Think that should do it; I don't have a Pix in front of me right now to try it on.

ajagadee
Cisco Employee

The static (outside,inside) 198.182.113.70 10.1.90.50 netmask 255.255.255.255 should be

static (inside, outside) 198.182.113.70 10.1.90.50 netmask 255.255.255.255.

Do a clear xlate after you configure the static NAT and test it.

Regards,

Arul