Dynamic & Static NAT

Unanswered Question
Aug 31st, 2007


Can anyone help me understand if it is possible to have NAT pools that NAT Inside Local addresses to Inside Global addresses, plus static entries that NAT static Inside Local addresses to static Inside Global addresses?

I have an app server on a client's network that requires my private addressing to be natted to their private addressing. This is done via a NAT pool. At the same time I have another app server on the same client's network that requires a static 1-2-1 NAT entry as it has to initiate a connection back into the host.

My issue is that the static entry seems to work but it breaks the dynamic NAT as the host is always getting natted to the static address for the 2nd app server, rather than use the pool.

Can anyone advise?

Jon Marshall Fri, 08/31/2007 - 04:28

Hi Jeremy

Can you post your NAT configuration plus the IP address details of the app servers and any other IP details that are relevant?


jeremyshort Fri, 08/31/2007 - 05:36

Here are the relevant parts; I've changed the IP addressing slightly for protection.

ip nat pool APP-PROD-POOL prefix-length 24

ip nat pool APP1-PROD-POOL prefix-length 24

ip nat inside source route-map APP-PROD-NAT pool APP-PROD-POOL overload

ip nat inside source route-map APP1-PROD-NAT pool APP1-PROD-POOL overload


ip nat inside source static


access-list 101 remark APP-PROD-NAT

access-list 101 permit ip host

access-list 102 remark APP1-PROD-NAT

access-list 102 permit ip 192.20.0 host

access-list 102 permit ip 192.20.0 host


route-map APP-PROD-NAT permit 10

match ip address 101


route-map APP1-PROD-NAT permit 10

match ip address 102

Jon Marshall Sun, 09/02/2007 - 23:19

Sorry Jeremy, should have got back sooner.

I'm at work so I can have a look at this in the lab if needed. Just for clarity, can you give examples with IP addresses as to what is happening, i.e.

source IP - destination IP - Natted IP for both servers.


jeremyshort Sun, 09/02/2007 - 23:55

Hi Jon - is our internal private addressing - is the customer's addresses that we NAT to/behind.

The customer then allows their address range connections to their FTP/App servers which are

The problem I have is that I need to have a static 1-2-1 host NAT entry to get a call recording solution to work (Witness). But with this static 1-2-1 entry I also need the host to access the FTP/App servers which have NAT pools. I can't get the host to use the pools if I define the static 1-2-1?

Jon Marshall Mon, 09/03/2007 - 06:07


Apologies, I have been trying to get round to this all day but have been very busy.

Could you just try one quick thing before I dive into the lab:

change line

ip nat inside source static

to

ip nat inside source static extendable


jeremyshort Wed, 09/05/2007 - 03:36

Hi Jon

Many thanks for your reply

I have been unable to do the change that you requested at the moment as this is a prod router and I can't get any down time.

I'll have a change in for tonight so I can give it a go then.

I'll let you know what the outcome is.

