Cisco Support Community
Community Member

Static NAT Config - Not able to telnet/Ping/FTP the VIP


I have a VIP for which I have configured static NAT with a private IP. Now I am seeing that I am unable to telnet or FTP or ping to that VIP from that private IP. I can ping other VIPS from the same private IP and I can ping the VIP from other private ip addresses. Below is my configuration.

access-list somecompany_statnat_206.32.55.115 line 8 extended deny ip host

access-list somecompany_statnat_206.32.55.115 line 10 extended deny ip host 255.255.


access-list somecompany_statnat_206.32.55.115 line 16 extended permit ip host any

class-map match-any somecompany_statnat_206.32.55.115

2 match access-list somecompany_statnat_206.32.55.115

class somecompany_statnat_206.32.55.115

nat static netmask vlan 600

policy-map multi-match SOMECOMPANY_SNAT_POLICY

class somecompany_statnat_206.32.55.115

nat static netmask vlan 600

interface vlan 1234

description somecompany_dmz

ip address


peer ip address

access-group input somecompany_dmz_acl

access-group output all

nat-pool 1234 netmask pat

service-policy input remote-mgmt

service-policy input INSPECTION_POLICY

service-policy input SOMECOMPANY_SNAT_POLICY

service-policy input SOMECOMPANY_NAT_POLICY

service-policy input Virtual_IP

no shutdown

Below is also the Server to VIP configuration. This is for allowing the Private IP to access the VIP. access-lists for the ports have not been mentioned but have been allowed.

access-list SOMECOMPANY_SERVER_TO_VIP extended permit ip host

class-map match-any SOMECOMPANY_SERVER_TO_VIP

2 match access-list SOMECOMPANY_SERVER_TO_VIP

policy-map multi-match SOMECOMPANY_NAT_POLICY

class SOMECOMPANY_SERVER_TO_VIP insert-before somecompany_nat

nat dynamic 1234 vlan 1234

Appreciate your help


CreatePlease to create content