Quick NAT question

Unanswered Question
Nov 5th, 2007

I am implementing a new network and ip subnet where I work. The problem is that one User needs to have a static IP to our mother corporation but I cannot get the static NAT to work. My question is, will having this;

nat (inside) 1

With multiple addresses for PAT conflict with this static NAT;

static (outside,inside) netmask

and if so does anyone have any suggestions on how I can work around this?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)

My recollection is - it's been a while - that the PAT rule takes precedence, so you will need to use an ACL to deny the host then permit the net.

Such as:

Overload rule:

access-list overload deny

access-list overload permit

Then build your nat rules

nat (inside) 1 access-list overload

Lastly build your static rule.

Think that should do it; I don't have a Pix in front of me right now to try it on.

ajagadee Tue, 11/06/2007 - 12:02

The static (outside,inside) netmask should be

static (inside, outside) netmask

Do a clear xlate after you configure the static NAT and test it.




This Discussion