Static NAT and Port Overload together

Hi all,

If I have a static NAT set up for a subnet... for instance "static (inside,outside) 10.224.100.0 10.224.100.0 netmask 255.255.255.0" so that these clients NAT to themselves and are accessible from the outside, how can I add a policy dynamic NAT so that....

If 10.224.100.0/24 accesses 10.1.1.1/32 then port overload to 10.1.94.1/32 ???

I don't think I can do this, as in the NAT process static NAT comes before policy NAT.

Am I right?

If so, is there any other way that I can achieve what I want? I do not know why we are NATing this range to itself as it was not set up by me... I am not in a position to completely remove the static NAT as I do not know what access this could break.

Any help appreciated!

Thanks

Mario

6 REPLIES

Static NAT and Port Overload together

Hello,

I would try

10.224.100.0/24 accesses 10.1.1.1/32 then port overload to 10.1.94.1/32

access-list TEST permit ip 10.224.100.0 255.255.255.0 host 10.1.1.1

static (inside,outside) 10.1.94.1 access-list TEST

static (inside,outside) 10.224.100.0 10.224.100.0 netmask 255.255.255.0

In that case the first one will take precedence if I am not mistaken (unable to lab this up right now).

Let me know how it goes

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com


Re: Static NAT and Port Overload together

Oh right, I never knew you could port overload in a static NAT statement.

I shall try it tomorrow.

Mario

Re: Static NAT and Port Overload together

Hello,

Cool, let me know

Cheers,

Julio Carvajal Segura

Re: Static NAT and Port Overload together

Hi Julio,

I just remembered... we already use the 10.1.1.1 address as a global PAT for everything, so will the ASA still allow us to use it again, do you think?

Example...

global (outside) 1 interface

nat (inside) 1 0.0.0.0 0.0.0.0

Thanks

Mario

Re: Static NAT and Port Overload together

You sure you wanted to say 10.1.1.1.... I mean that is the destination address of the traffic.

access-list TEST permit ip 10.224.100.0 255.255.255.0 host 10.1.1.1

If that's the case then I'm not sure I follow what you are trying to accomplish here.

Cheers,

Julio Carvajal Segura

Re: Static NAT and Port Overload together

Sorry yes you are right. I meant to say 10.1.94.1 as the NAT address.

Just tried it earlier today and the ASA was complaining about the subnet mask being invalid.

I think because a static is a 1 to 1... you cannot use it to do port overload.

Mario
