I have a problem with the rule that static NAT has higher priority than dynamic NAT; to be exact, this rule doesn't work. I will explain it with an example: I have LAN 10.10.10.0 /24 (LAN1), which will be dynamically NAT'ed to 184.108.40.206. There is also a server with IP address 10.10.10.3 (local) and 220.127.116.11 (global). The second LAN (LAN2) has the network address 192.168.1.0, and the traffic between LAN1 and LAN2 should not be NAT'ed.
Now I write on R3:
! dynamic NAT list, NAT always to 18.104.22.168 except for 192.168.1.0 /24 Network
access-list 122 deny ip 10.10.10.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 122 permit ip 10.10.10.0 0.0.0.255 any
! static NAT list: NAT always to 22.214.171.124, except for LAN2
access-list 150 deny ip host 10.10.10.3 192.168.1.0 0.0.0.255
access-list 150 permit ip host 10.10.10.3 any
ip nat inside source list 122 interface Serial0/0 overload
ip nat inside source static 10.10.10.3 126.96.36.199 route-map nonat
route-map nonat permit 10
match ip address 150
But without the line
access-list 122 deny ip host 10.10.10.3 any
all traffic from 10.10.10.3 will be NAT'ed to 188.8.131.52 and not to 184.108.40.206!
How is that possible? Static NAT will be done first, and if the address 220.127.116.11 is already set (and it is set, because with the line "access-list 122 deny ip host 10.10.10.3 any" it works fine), why will it be NAT'ed again to 18.104.22.168?
Thx
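Added example, not part of the original post: a small Python model of extended-ACL first-match evaluation, run over the access lists posted above, to show which lists classify traffic from 10.10.10.3. It assumes the extra deny entry sits ahead of the permit in list 122; the destination 203.0.113.9 and the helper names are constructed for illustration, and the code models only ACL matching, not the router's NAT processing.

```python
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def parse_addr(tokens):
    """Consume one address spec: 'any', 'host A' or 'A WILDCARD'."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    if tokens[0] == "host":
        return (ip(tokens[1]), 0), tokens[2:]
    return (ip(tokens[0]), ip(tokens[1])), tokens[2:]

def parse_ace(line):
    # access-list <num> <action> ip <source> <destination>
    t = line.split()
    src, rest = parse_addr(t[4:])
    dst, _ = parse_addr(rest)
    return t[1], t[2], src, dst

def matches(spec, addr):
    base, wild = spec
    care = ~wild & 0xFFFFFFFF          # wildcard bits set to 1 are ignored
    return (ip(addr) & care) == (base & care)

def evaluate(aces, num, src, dst):
    for n, action, s, d in aces:       # first matching entry wins
        if n == num and matches(s, src) and matches(d, dst):
            return action
    return "deny"                      # implicit deny at the end of a list

POSTED = """\
access-list 122 deny ip 10.10.10.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 122 permit ip 10.10.10.0 0.0.0.255 any
access-list 150 deny ip host 10.10.10.3 192.168.1.0 0.0.0.255
access-list 150 permit ip host 10.10.10.3 any""".splitlines()
# Assumption: the extra entry is evaluated before the permit in list 122.
WITH_EXTRA = ["access-list 122 deny ip host 10.10.10.3 any"] + POSTED

def verdicts(lines, src, dst):
    aces = [parse_ace(l) for l in lines]
    return {n: evaluate(aces, n, src, dst) for n in ("122", "150")}

if __name__ == "__main__":
    for dst in ("203.0.113.9", "192.168.1.20"):   # constructed destinations
        print(dst, "posted:", verdicts(POSTED, "10.10.10.3", dst),
              "with extra deny:", verdicts(WITH_EXTRA, "10.10.10.3", dst))
```

As posted, list 122 (dynamic overload) and list 150 (static route-map) both permit traffic from 10.10.10.3 to outside destinations; the extra deny removes the server from list 122 only.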