I have observed a new NAT behavior in 12.4.10b: for packets coming in from outside to inside, if a dynamic NAT entry exists in the NAT translation table for the destination address (inside local) of the packets coming into the router from outside, the communication does not work. If there is no NAT entry in the NAT translation table, the communication from outside to inside works fine.
Here is a sample config:
Router with NAT configured
ip nat inside
ip address 10.1.12.2 255.255.255.0
ip nat outside
ip address 10.1.23.2 255.255.255.0
ip nat pool test 184.108.40.206 220.127.116.11 netmask 255.255.255.0
ip nat inside source list 101 pool test
access-list 101 permit ip host 18.104.22.168 host 22.214.171.124
ip route 126.96.36.199 255.255.255.255 10.1.23.3
ip route 188.8.131.52 255.255.255.255 10.1.12.1
ip route 0.0.0.0 0.0.0.0 10.1.23.3
(The outside world is aware of the 184.108.40.206 IP address; the outside world is aware of the inside local IP address as well.)
- 220.127.116.11 can connect to 18.104.22.168 without any problem; NAT inside to outside happens fine and translates 22.214.171.124 to 126.96.36.199.
- The above connectivity creates NAT table entries.
- With the presence of NAT table entries in the NAT cache, if some other IP address from outside tries to connect to the inside local IP address 188.8.131.52, the communication does not work, and I see that NAT is kicking in and translating 184.108.40.206 to 220.127.116.11. I do not understand why this is happening, because the configuration of NAT and access list 101 are not applicable to a session initiated from outside to inside.
Further, I simulated a similar scenario using 12.2 IOS and saw no issues at all. Outsiders are able to talk to the inside local IP without any problem.
Does anyone know if this is a new NAT behavior after 12.2, or does this sound like a BUG?
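As an added illustration (not part of the original post): a small Python model of how a dynamic inside-source NAT table is expected to behave in this scenario, so the outside-to-inside case the poster describes can be stated precisely. The addresses are constructed RFC 5737 values rather than the ones in the post, and the model encodes the expected semantics (ACL and pool apply only on the inside interface; outside-to-inside rewrites only inside-global destinations), not IOS internals.

```python
from dataclasses import dataclass, field

# Constructed addresses (RFC 5737 documentation ranges), not the poster's.
INSIDE_LOCAL = "10.1.12.1"            # host behind the 'ip nat inside' interface (assumed)
POOL = ["192.0.2.10", "192.0.2.11"]   # constructed stand-in for 'ip nat pool test'
OUTSIDE_A = "198.51.100.5"            # outside host the inside host talks to first
OUTSIDE_B = "198.51.100.9"            # a different outside host that initiates later


@dataclass
class DynamicNat:
    """Expected behaviour of 'ip nat inside source list <acl> pool <pool>'.

    The ACL and pool are consulted only for packets arriving on the inside
    interface; the translation table maps inside_local -> inside_global.
    """
    pool: list
    acl_inside_locals: set
    table: dict = field(default_factory=dict)

    def inside_to_outside(self, src, dst):
        """Inside interface: translate the source if the ACL permits it."""
        if src not in self.acl_inside_locals:
            return src, dst                      # ACL does not match: no translation
        if src not in self.table:
            self.table[src] = self.pool.pop(0)   # allocate a pool address (dynamic entry)
        return self.table[src], dst

    def outside_to_inside(self, src, dst):
        """Outside interface: rewrite only a destination that is an inside global."""
        for local, inside_global in self.table.items():
            if dst == inside_global:
                return src, local
        return src, dst                          # inside-local destination: left untouched


def simulate():
    """Replay the three steps from the post and return what each lookup produced."""
    nat = DynamicNat(pool=list(POOL), acl_inside_locals={INSIDE_LOCAL})
    step1 = nat.inside_to_outside(INSIDE_LOCAL, OUTSIDE_A)   # creates the dynamic entry
    reply = nat.outside_to_inside(OUTSIDE_A, step1[0])       # reply to the inside global
    direct = nat.outside_to_inside(OUTSIDE_B, INSIDE_LOCAL)  # the poster's case
    return {"entry": dict(nat.table), "step1": step1, "reply": reply, "direct": direct}


if __name__ == "__main__":
    for name, value in simulate().items():
        print(f"{name}: {value}")
```

Under these semantics the last lookup leaves the inside-local destination untranslated, which matches what the poster saw on 12.2; the 12.4.10b observation is a rewrite in that direction even though the entry was created by inside-to-outside traffic.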