I am having some trouble getting l2nat working exactly the way I would expect on the IE4010. From outside to inside, translation doesn't seem to happen for the source IP, only the destination. I can get it working with proxy-arp on the public router and "allow all" on the l2nat config. But I don't think that should be needed if translation is working.
I am using gigabit 1/1 for the NAT. Trying to reach 192.168.170.101 from 10.10.51.254. Here is the config:
l2nat instance Skid
 instance-id 5
 fixup all
 outside from host 10.10.51.254 to 192.168.170.53
 inside from host 192.168.170.101 to 10.10.62.18
interface GigabitEthernet1/1
 description link-to-public
 switchport trunk allowed vlan 163
 switchport trunk native vlan 1
 switchport mode trunk
 l2nat Partswash Skid 163
interface GigabitEthernet1/12
 description link-to-skid
 switchport mode access
 switchport access vlan 163
I cannot get it working without "permit all" which I wouldn't think I would need if translation is working. I also need proxy-arp on the public router vlan 163 interface for it to work.
I saw this in the l2nat configuration guide and I was wondering if it is related?
https://www.cisco.com/c/en/us/td/docs/switches/lan/industrial/software/configuration/guide/b_l2_nat_ie.html
"On IE4010 and IE5000 platforms, when you configure an L2NAT instance on the downlink ports (Gig 1/1 – Gig 1/24), you must configure the “inside” and “outside” IP addresses in the corresponding translation maps in reverse order compared to a translation map on uplink ports (Gig1/25, 28 or TenGig 1/1 – 1/4)."
Anyone know what that means?