access-list outbound-nat permit ip host 192.168.2.2 host 209.240.x.x
The outbound-nat acl is showing "hits" on it, but I'm confused as to how its translating to the address in the global statement if that same source ip address 192.168.2.2 has a Static NAT defined? I thought static NAT overruled other NATs? Why would I be seeing hits on the NAT acl?
The rules are tried in order. 1) nat 0 access-list (nat-exempt) 2) match against existing xlates 3) static a) static nat with and without access-list (first match) b) static pat with and without access-list (first match) 4) nat a) nat access-list (first match) Note: nat 0 access-list is not part of this command. b) nat (best match) Note: When choosing a global address from multiple pools with the same nat id, the following order is tried i) if the id is 0, create an identity xlate. ii) use the global pool for dynamic NAT iii) use the global pool for dynamic PAT 5) Error
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...