Ok so I have 5 static IP addresses now and here is what I want to try but I'm not sure it will work this way, need suggestions. I am going to simplify it with only 2 of the IP's in use for this example
interface FastEthernet0/0 description $ETH-WAN$$FW_OUTSIDE$ ip address x.x.x.1 255.255.255.248 ip access-group 102 in no ip redirects no ip unreachables no ip proxy-arp ip nat outside ip virtual-reassembly ip route-cache flow speed auto full-duplex no cdp enable no mop enabled
interface FastEthernet0/1 description $ETH-LAN$$FW_INSIDE$ no ip address no ip redirects no ip unreachables no ip proxy-arp speed auto full-duplex no mop enabled ! interface FastEthernet0/1.1 description VLAN 1 encapsulation dot1Q 1 native ip address 192.168.10.1 255.255.255.0 ip access-group 110 in no ip redirects no ip unreachables no ip proxy-arp ip nat inside ip inspect SDM_LOW in ip virtual-reassembly
interface FastEthernet0/1.2 description VLAN 2 encapsulation dot1Q 2 native ip address 192.168.10.1 255.255.255.0 ip access-group 120 in no ip redirects no ip unreachables no ip proxy-arp ip virtual-reassembly
ip nat inside source static 192.168.11.1 x.x.x.2
If I static nat the second IP to the VLAN2 interface will I still be able to apply Zone based FW and ACLs?
We are pleased to announce availability of Beta software for 16.6.3. 16.6.3 will be the second rebuild on the 16.6 release train targeted towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are looking for early feedback from custome...