Error: 204.34.211.97-204.34.211.97 overlaps with outside interface address

if you want to hide the internal network to

the External interface ip address of the

firewall, Linux called IP masquerading,

Checkpoint called it "hide" NAT and cisco

refers to it a Port Address Translation (PAT):

nat (inside) 1 0 0

global (outside) 1 interface

I just did

nat (inside) 1 192.168.1.10 255.255.255.255

global (outside) 1 interface

the ip is still coming out with 192.168.1.10(example only) do the static(inside,outside) entries override the global?

If you have a one-to-one static for this IP address, it will take precedence over normal nat/global configuration. Here is the order of NAT operations-

1) nat 0 access-list (nat-exempt)

2) match against existing xlates

3) static

a) static nat with and without access-list (first match)

b) static pat with and without access-list (first match)

4) nat

a) nat access-list (first match)

Note: nat 0 access-list is not part of this command.

b) nat

Note: When choosing a global address from multiple pools with

the same nat id, the following order is tried

i) if the id is 0, create an identity xlate.

ii) use the global pool for dynamic NAT

iii) use the global pool for dynamic PAT

5) Error

Hello!

Where can I find in the Documentation this important notes about NAT order of operation?

Thanks,

Lorenz

You can find this order over here-

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_63/cmdref/mr.htm#wp1032129

Though above link is based on 6.x code, the order of nat operations is still the same in 7.x code. I hope this answers all your concers :-)

This is great! Thank you Sir!