I am hoping someone can assist me with this. Working with a Cisco 1920 router (v15.2). I am trying to map an inside address (10.11.8.226) to an outside address (162.x.x.83) so an internal web address can be accessed from the outside. There are a limited number of available external IP addresses, so a PAT pool (mapped to a single address) is being used for Internet access. This static of course should not use this pool, but the external address that has been assigned to it. I have added this command to the config:
ip nat inside source static 10.11.8.226 162.X.X.83
I have also added (and removed) several combinations to the corresponding ACL, but I cannot get it to work. I have attached a copy of the config before I started adding commands. If anyone could help, I would appreciate it.
As per the configuration attached, it should be working. Could you please share the output of "show ip nat translation | in 10.11.8.226" after adding the static NAT configuration? As you are using a crypto VPN configuration, what I have seen in several issues is that ideally the traffic should take the static NAT; however, it might be taking the dynamic translation. If it does show up in the output getting translated to the PAT IP address, in that case we'll have to deny the traffic in the NAT ACL.
ip access-list extended nonat
 deny ip host 10.11.8.226 any -------------------> Try this statement.
 deny ip 10.11.8.0 0.0.0.255 10.110.8.0 0.0.0.255
 deny ip 10.11.8.0 0.0.0.255 10.1.99.0 0.0.0.255
 deny ip 10.110.8.0 0.0.0.255 10.1.99.0 0.0.0.255
 permit ip 10.11.8.0 0.0.0.255 any
 permit ip 10.110.8.0 0.0.0.255 any
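An offline check for the diagnostic suggested in the reply above, added here as an example and not part of the original thread: it parses saved `show ip nat translations` output and reports whether a host's sessions use its static address or fall through to the PAT address. The sample output, the documentation-range addresses (192.0.2.x, 198.51.100.x, 203.0.113.x) and the function names are constructed for illustration.

```python
# Constructed sample of `show ip nat translations` output. 192.0.2.82 stands in
# for the PAT pool address and 192.0.2.83 for the static address (assumptions).
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.0.2.82:1024    10.11.8.226:51514  198.51.100.7:443   198.51.100.7:443
tcp 192.0.2.82:1025    10.11.8.40:40211   198.51.100.9:80    198.51.100.9:80
tcp 192.0.2.83:80      10.11.8.226:80     203.0.113.5:61000  203.0.113.5:61000
--- 192.0.2.83         10.11.8.226        ---                ---
"""

def _addr(field):
    """Return the bare IPv4 address from 'a.b.c.d[:port]', or None for '---'."""
    return None if field == "---" else field.split(":")[0]

def parse_translations(text):
    """Turn each five-column translation row into a dict; skip header and blanks."""
    entries = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] == "Pro":
            continue  # header row, blank line, or unrelated output
        proto, inside_global, inside_local, _outside_local, outside_global = parts
        entries.append({
            "proto": proto,
            "inside_global": _addr(inside_global),
            "inside_local": _addr(inside_local),
            "outside_global": _addr(outside_global),
            "raw": line.strip(),
        })
    return entries

def check_static(text, inside_local, expected_global):
    """Classify the host's entries: static present, using static, or leaked to another address."""
    result = {"static_present": False, "correct": [], "leaked": []}
    for entry in parse_translations(text):
        if entry["inside_local"] != inside_local:
            continue
        if entry["proto"] == "---":
            # A simple static entry has no protocol and no outside columns.
            if entry["inside_global"] == expected_global:
                result["static_present"] = True
        elif entry["inside_global"] == expected_global:
            result["correct"].append(entry["raw"])
        else:
            result["leaked"].append(entry["raw"])  # e.g. translated to the PAT address
    return result

if __name__ == "__main__":
    print(check_static(SAMPLE, "10.11.8.226", "192.0.2.83"))
```

Any row in `leaked` means the dynamic rule matched that flow before the static could apply, which is the case the proposed `deny ip host 10.11.8.226 any` line is meant to rule out.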
vol-vh-rtr1#show ip nat stat
Total active translations: 551 (1 static, 550 dynamic; 551 extended)
Peak translations: 5062, occurred 7w0d ago
Outside interfaces:
  GigabitEthernet0/0
Inside interfaces:
  GigabitEthernet0/1, Serial0/0/0
Hits: 527487768  Misses: 0
CEF Translated packets: 518311279, CEF Punted packets: 6079898
Expired translations: 11257867
Dynamic mappings:
-- Inside Source
[Id: 1] route-map nat-map pool PAT-pool refcount 550
 pool PAT-pool: netmask 255.255.255.248
        start 162.X.X.82 end 162.X.X.82
        type generic, total addresses 1, allocated 1 (100%), misses 298
I hooked a server to the network and tried a different static. When I go to the net, it shows the NAT pool IP, not the static. For some reason the static is not being applied...
OK, I have removed and re-added the static, and now when I go to the Internet I get the correct IP. That's good. Also, I put several permit and deny rules into the NONAT access-list. I get matches on the outside (162.X.X.83) IP address, but still no outside-in access on this server. Going out to the Internet from this server still works regardless of the rules I put in.