static NAT routing in vlans

Alexey Mitrofanov · ‎05-27-2021

Hello, i have two vlans, one is for internet operator (115), another is LAN (119).

Provider give us addresses 1.1.1.24/29, 1.1.1.25 - providers gateway

We have local host 192.168.46.2 in our LAN

interface Port-channel1.115
encapsulation dot1Q 115
ip address 1.1.1.26 255.255.255.248
no ip redirects
no ip proxy-arp
ip flow ingress
ip nat outside
ip virtual-reassembly in

interface Port-channel1.119
encapsulation dot1Q 119
ip address 192.168.46.1 255.255.255.0
no ip redirects
no ip proxy-arp
ip flow ingress
ip nat inside
ip virtual-reassembly in

ip route 0.0.0.0 0.0.0.0 1.1.1.25

1) When i do dynamic NAT, everything is ok, and when NAT translations exists i can ping host 92.168.46.2 from internet by it's external address (1.1.1.29 for example).

ip nat pool inet 1.1.1.29 1.1.1.30 netmask 255.255.255.252
ip nat inside source list 80 pool inet overload
access-list 80 permit 192.168.46.0 0.0.0.255

From host NAT is ok, traffic goes to 192.168.46.1, then to gw 1.1.1.25. From internet traffic goes on gw 1.1.1.25, then Port-channel1.115 address 1.1.1.26, where it losts

2) When i do static one to one NAT:

ip nat inside source static 192.168.46.2 1.1.1.30

From local host is ok - traffic goes to 192.168.46.1, then to gw 1.1.1.25. From internet host is not available, traffic goes on gw 1.1.1.25, then on interface 1.1.1.26 and fails...

But i have to do static NAT for local host to access it from internet by it's external address.

What's wrong, how can i correct this?