btw: I've also tried to use the route-map in the dynamic nat, but w/o
success :/
On Mon, Jul 30, 2012 at 1:41 PM, ccie99999 <ccie99999_at_googlemail.com> wrote:
> Hi Peter,
>
> thanks for your help.
>
> I've tried what you've suggested and it looks like it's working (the static is
> not taking the precedence on the dynamic one)
>
> unluckily the static nat is not working..
>
> this is my basic nat stuff:
>
> (note: net 192.168.1.x must become 192.168.200.x with the static nat and
> talk to 10.10.0.0)
>
> route-map NAT permit 10
> match ip address 101
>
> access-list 101 permit ip 192.168.200.0 0.0.0.255 10.10.0.0 0.1.255.255
> access-list 101 permit ip 192.168.1.0 0.0.0.255 10.10.0.0 0.1.255.255
>
> ip nat pool OVERLAPPING 192.168.200.1 192.168.200.254 pref 24
>
> ip nat inside source route-map NAT pool OVERLAPPING
>
> ######
>
>
> ip nat inside source list 100 interface Dialer0 overload
>
> access-list 100 deny ip 192.168.1.0 0.0.0.255 10.10.0.0 0.1.255.255
> access-list 100 deny ip 192.168.200.0 0.0.0.255 10.10.0.0 0.1.255.255
> access-list 100 permit ip 192.168.1.0 0.0.0.255 any
>
> thaaaanks again.
>
>
>
>
> On Mon, Jul 30, 2012 at 12:29 PM, Peter Dervan <petesccie_at_gmail.com> wrote:
>
>> Try making the static nat policy based, using a nat pool and route map.
>> Policy would allow static nat to kick in only when traffic is destined to a
>> particular destination - should fix your issue.
>>
>> Sent from my iPhone
>>
>> On 30 Jul 2012, at 13:14, ccie99999 <ccie99999_at_googlemail.com> wrote:
>>
>> > Hi guys,
>> >
>> > I feel a bit frustrated because of this simple issue:
>> >
>> > I've got to do a static nat and a dynamic one with the overload.
>> >
>> > the static one is for translating my entire lan to a specific net (because
>> > of overlapping over ipsec).
>> >
>> > the dynamic one with overload is for surfing the web.
>> >
>> > As soon as I set up the static nat the customer loses access to the
>> > internet (the dynamic one stops working).
>> >
>> > I know that a static route has precedence over a dynamic but I've set up a
>> > specific acl:
>> >
>> > this is my conf:
>> >
>> > NAT:
>> > ip nat inside source list 100 interface Dialer0 overload
>> > ip nat inside source static network 192.168.1.0 192.168.200.0 /24
>> >
>> > ACL:
>> > access-list 100 deny ip 192.168.1.0 0.0.0.255 10.10.0.0 0.1.255.255
>> > access-list 100 deny ip 192.168.200.0 0.0.0.255 10.10.0.0 0.1.255.255
>> > access-list 100 permit ip 192.168.1.0 0.0.0.255 any
>> >
>> > I've even tried to use a route-map within the dynamic nat but still doesn't
>> > work..
>> >
>> > where am I wrong?
>> >
>> > thanks in advance
>> >
>> >
>> > --
>> > ccie99999
>> > twitter: @ccie99999
>> >
>> >
>> > Blogs and organic groups at http://www.ccie.net
>
> --
> ccie99999
> twitter: @ccie99999
>
>
--
ccie99999
twitter: @ccie99999

Blogs and organic groups at http://www.ccie.net

Received on Mon Jul 30 2012 - 13:50:48 ART
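
Added example (not part of the thread and not written by either poster): a small Python evaluator for the two extended ACLs quoted above, using Cisco wildcard-mask matching, first-match order and the implicit deny, to show which flows ACL 101 (route-map NAT) and ACL 100 (overload) permit. The test packets and the names parse_ace, evaluate and acls_permitting are constructed for illustration; it models ACL matching only, not the router's NAT processing.

```python
import ipaddress

# ACL lines copied from the configuration quoted in the thread.
ACL_100 = [
    "access-list 100 deny ip 192.168.1.0 0.0.0.255 10.10.0.0 0.1.255.255",
    "access-list 100 deny ip 192.168.200.0 0.0.0.255 10.10.0.0 0.1.255.255",
    "access-list 100 permit ip 192.168.1.0 0.0.0.255 any",
]
ACL_101 = [
    "access-list 101 permit ip 192.168.200.0 0.0.0.255 10.10.0.0 0.1.255.255",
    "access-list 101 permit ip 192.168.1.0 0.0.0.255 10.10.0.0 0.1.255.255",
]

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_ace(line):
    """Parse 'access-list N permit|deny ip SRC WILD (DST WILD | any)'."""
    tokens = line.split()
    action, rest, fields = tokens[2], tokens[4:], []
    while rest:
        if rest[0] == "any":                      # any == 0.0.0.0 255.255.255.255
            fields.append((0, 0xFFFFFFFF))
            rest = rest[1:]
        else:
            fields.append((to_int(rest[0]), to_int(rest[1])))
            rest = rest[2:]
    return action, fields[0], fields[1]

def wild_match(addr, base, wildcard):
    """Wildcard bits set to 1 are 'don't care'; the remaining bits must be equal."""
    care = ~wildcard & 0xFFFFFFFF
    return (to_int(addr) & care) == (base & care)

def evaluate(acl, src, dst):
    """First matching entry decides; no match means the implicit deny."""
    for line in acl:
        action, (s_base, s_wild), (d_base, d_wild) = parse_ace(line)
        if wild_match(src, s_base, s_wild) and wild_match(dst, d_base, d_wild):
            return action
    return "deny"

def acls_permitting(src, dst):
    """Names of the ACLs from the thread that permit this flow."""
    acls = {"101 (route-map NAT)": ACL_101, "100 (overload)": ACL_100}
    return [name for name, acl in acls.items() if evaluate(acl, src, dst) == "permit"]

if __name__ == "__main__":
    # Constructed sample flows: tunnel range, just outside it, and an Internet host.
    for dst in ("10.10.5.5", "10.11.255.255", "10.12.0.1", "203.0.113.9"):
        print("192.168.1.10 ->", dst, acls_permitting("192.168.1.10", dst))
```

The wildcard 0.1.255.255 covers 10.10.0.0 through 10.11.255.255, so a destination such as 10.12.0.1 is permitted by ACL 100 and not by ACL 101.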
This archive was generated by hypermail 2.2.0 : Wed Aug 01 2012 - 15:55:23 ART