NAT and PAT in router 2801

Unanswered Question
Oct 24th, 2008


Do you know if I can use dynamic NAT and PAT at the same time in a 2800 router.

My configuration is not working in a 2800 but it works in a 7200, configuration is exactly the same.

Please let me know yoru comments.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Fri, 10/24/2008 - 04:06

As far as i know there is no reason why you cannot run NAT and PAT on the same router regardless of the model.

Can you post config with explanation of what you are trying to do and what you are seeing ?


arturo.reyna Fri, 10/24/2008 - 05:59


This is my config in 2801 router.

ip nat pool P128-4 netmask

ip nat pool epotor netmask

ip nat inside source list 19 pool P128-4

ip nat inside source route-map epotor pool epotor overload

access-list 120 permit ip host

access-list 120 permit ip host

route-map epotor permit 10

match ip address 120


access-list 19 permit any

For historical reasons we still have addressing 128.X.X.X and 129.X.X.X in our network, when we connect to a external entity we do NAT, our pool is 2000 address. Because of a lot of connections (antivirus) to a server those connections are fulling the pool, so I decided to configure a PAT to that specific destination address but it is not working. the pool server get full because PAT doesn't match, when I remove the dynamic pool it works.

The same configuration works at the same time in a 7200 that we used before to the link to that entity.

Please, let me know your comments.

Jon Marshall Fri, 10/24/2008 - 07:58

Could you try changing the following

access-list 19 permit any


access-list 101 deny ip host

access-list 101 deny ip host

access-list 101 permit ip any any

ip nat inside source list 101 pool P128-4

I think the problem is because you have a permit any in access-list 19 it never gets to look at the route-map NAT.

Not sure why this worked on a 7200 - maybe to do with order commands are entered. Would need to test and don't have access to 7200 or 2800 at the moment.

Could you try the modifications and let me know how you get on.



This Discussion