I have the following NAT exemption configured on my firewall:
access-list in_nat0_out extended permit ip 10.0.0.0 255.0.0.0 x.x.224.0 255.255.248.0
nat (inside) 0 access-list in_nat0_out
The statements above basically do the NAT exemption for us. For any 10.0.0.0/8 traffic from inside destined to x.x.224.0/21 (this is our DMZ subnet), we do not perform NAT.
But now, we have a single device in the DMZ (IP is x.x.224.29) that we want to do NAT for. For any 10-net traffic destined for x.x.224.29/32, I want to allocate a dynamic NAT pool.
The way I understand it, once I have nat 0 (or NAT exemption) configured, I cannot do a NAT on an overlapping network or address.
Is that correct? Or is it possible to do a NAT just for 1 address and nat 0 for all other addresses?