Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Quick NAT question

I am implementing a new network and ip subnet where I work. The problem is that one User needs to have a static IP to our mother corporation but I cannot get the static NAT to work. My question is, will having this;

nat (inside) 1 10.1.0.0 255.255.0.0

With multiple addresses for PAT conflict with this static NAT;

static (outside,inside) 198.182.113.70 10.1.90.50 netmask 255.255.255.255

and if so does anyone have any suggestions on how I can work around this?

2 REPLIES
Community Member

Re: Quick NAT question

My recollection is - it's been a while - that the PAT rule takes precedence, so you will need to use an ACL to deny the 10.1.90.50/32 host then permit the 10.1.0.0/16 net.

Such as:

Overload rule:

access-list overload deny 10.1.90.50

access-list overload permit 10.1.0.0 255.255.0.0

Then build your nat rules

nat (inside) 1 access-list overload

Lastly build your static rule.

Think that should do it; I don't have a Pix in front of me right now to try it on.

Cisco Employee

Re: Quick NAT question

The static (outside,inside) 198.182.113.70 10.1.90.50 netmask 255.255.255.255 should be

static (inside, outside) 198.182.113.70 10.1.90.50 netmask 255.255.255.255.

Do a clear xlate after you configure the static NAT and test it.

Regards,

Arul

97
Views
0
Helpful
2
Replies
CreatePlease to create content