I need some assistance on setting up NAT & PAT on a remote campus router. What we want is to have a pool available to devices for NATting to outside IP addresses, and when that pool is exhausted to have the rest of the devices use PAT to get out. I do know that similar we do this on the main campus on the PIX 525 firewall, but I am not sure whether the same process works on the routers too. Hardware is 3845, running c3845-adventerprisek9-mz.123-11.T7.bin, and the config is something like this :
ip nat pool internet 22.214.171.124 126.96.36.199 netmask 255.255.255.0
ip nat pool internet-pat 188.8.131.52 184.108.40.206 netmask 255.255.255.0
ip nat inside source list 101 pool internet
access-list 101 deny ip 172.16.0.0 0.0.255.255 192.168.100.0 0.0.0.255
access-list 101 deny ip 10.10.10.0 0.0.0.255 192.168.100.0 0.0.0.255
access-list 101 permit ip 172.16.0.0 0.0.255.255 any
access-list 101 permit ip 10.10.10.0 0.0.0.255 any
where 124.106.244.xxx is the public address range and 172.16.xxx.xxx is the internal DHCP assigned by the 6507 core switch. I tried adding the line:
ip nat inside source list 101 pool internet-PAT overload
but that gives me an error saying that "dynamic mapping in use, cannot change".
The equipment was set up by an outside vendor and I am trying to make sense of what they did so any assistance would be greatly appreciated.