I have observed a new behavior of NAT in 12.4.10b; for packets coming infrom outside to inside and if a dynamic NAT entry exists in the nat translation table for the destination address (inside local) of packets coming into the router from outside, the communication does not work. If there is no NAT entry in the NAT translation table, the communication from outside to inside works fine.
Here is sample config;
Router with NAT configured
ip nat inside
ip address 10.1.12.2 255.255.255.0
ip nat outside
ip address 10.1.23.2 255.255.255.0
ip nat pool test 220.127.116.11 18.104.22.168 netmask 255.255.255.0
ip nat inside list 101 pool test
ip access-list 101 permit ip host 22.214.171.124 host 126.96.36.199
ip route 188.8.131.52 255.255.255.255 10.1.23.3
ip route 184.108.40.206 255.255.255.255 10.1.12.1
ip route 0.0.0.0 0.0.0.0 10.1.23.3
(Outside world is aware of 220.127.116.11 ip address that outside world is aware of inside local ip address as well)
- 18.104.22.168 can connect to 22.214.171.124 without any problem and NAT inside to outside happens fine and translates 126.96.36.199 to 188.8.131.52
-Above connectivity create NAT table entries
-With the presence of NAT table entries in NAT Cache, if some other IP address from outside tries to connect to the inside local iP address 184.108.40.206, the communication does not work and I see that NAT is kicking in and translation 220.127.116.11 to 18.104.22.168; I do not understand as why this is happening because the configuration of NAT and access list 101 are not applicable to the session initiated from outside to inside.
Further I simulated the similar scenario using 12.2 IOS and no issues at all. Outsider are able to talk to talk to inside local ip without any problem.
Does anyone knows if this is a new NAT beahivor after 12.2 or does this sounds like a BUG