following is an exception for the one to one NAT. I have a host on the outside that needs to access the inside host 172.16.1.1, but they cannot use 192.168.1.1 as the destination. So here was what I proposed:
access-list nat-exception permit ip host 172.16.1.1 host 209.x.x.x
basically I have a static NAT already in place, but have a new customer coming in that needs to access the same internal address via an address that is not the already defined static statement so I was wondering if the static with the access-list would be a workaround without conflicting with or affecting the one to one NAT? I'm guessing the one to one NAT trumps my idea. If anyone has any idea on how I can make this work please advise. Thanks
I had the same type of issue. I had to use policy nat to fix it. The policy nat is triggered by access-list. Your second nat command is a policy nat. You should convert your one to one nat to a policy nat. You may still see a nat conflict pop on your CLI. But it will still work fine.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...