Hello,

I am facing the following problem:

On a 6500 I defined several NAT inside and outside VLAN's.

NAT/PAT works fine between inside and outside, but I can't get clients which are connected on two different outside VLAN's to communicate with each other.

But when I ping from the 6500 itself  I get ICMP replies and NATting works fine:

Core-C6506E-CC#sh ip nat statistics
Total active translations: 2465 (0 static, 2465 dynamic; 2465 extended)
Outside interfaces:
  Vlan11, Vlan159, Vlan300, Vlan965, Vlan967, Vlan968
Inside interfaces:
  Vlan261, Vlan262, Vlan263
 

Core-C6506E-CC#ping vrf Office-Network 172.16.51.200 so vlan 300
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.51.200, timeout is 2 seconds:
Packet sent with a source address of 10.10.100.254
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

Core-C6506E-CC#sh ip nat translations | inc 10.10.100        
icmp 172.16.51.155:1024   10.10.100.254:71      172.16.51.200:71      172.16.51.200:1024

As you can see the ICMP from vlan 300 is translated via the vlan 965 interface ip address 172.16.51.155

interface Vlan965
 description VLAN965
 ip vrf forwarding Office-Network
 ip address 172.16.51.155 255.255.255.0
 ip nat outside
 private-vlan mapping 265

Any ideas why clients who are using GW 10.10.100.254 are not NATed the same way ?

Access Lists are checked already.

Thanks in advance