Hi Alain,
Can you tell more because inside global is the address that represents the real inside local to others?
if so then port forwarding is static nat?
then
this means we can't do PAT (inside global can be interface address so
already assigned) and we can't do static nat to interface ?
Please can you correct my misunderstanding .
Let me see if I understand all your questions correctly.
Yes, the inside local address is the one really assigned to a station, and the inside global is how the outside world can see this address. The inside local is the "real" address visible in the inside, the inside global is the "fake" address seen outside.
Port forwarding does not need to be static although I can imagine that most often, static NAT entry is created to allow access to specific ports on an inside machine from outside. A dynamic port forwarding could be done using selective ACLs (to translate just a selected port) and the reversible keyword so that the connection can also be initiated from outside.
The PAT by itself is not bound to be done on an interface address. We can perform a PAT (that is, N:1 translation) into a NAT pool, i.e. into an entire range of addresses.The entire difference is just using the NAT pool in the ip nat inside source command with the overload keyword. Performing a static NAT (i.e. 1:1 translation between IP address without regard to ports) to our own interface - well, I believe we can configure it but that would mean that we cannot access the router under its interface address anymore (that's my guess) because the access to its IP address would be NATted into the inside machine.
I believe the OP indicated a different issue here: he is using an address that is already owned by another station as the inside global address. The problems arising from that are concerned with the duplicate ARP entries, essentially with both the NAT box and the station claiming to have the same IP address.
Best regards,
Peter
