Re: dynamic vs static nat

From: ccie99999 <ccie99999_at_googlemail.com>
Date: Mon, 30 Jul 2012 14:19:30 +0000

yeah, nothing..

overload works but not static nat..
even after a clear ip nat tran * , a ping to the remote net + a show ip nat
translat and I don't see the static nat..

:(

On Mon, Jul 30, 2012 at 2:04 PM, peter dervan <petesccie_at_gmail.com> wrote:

> Hi,
> Try something like this, been a while since I labbed this so can't
> remember if it will do proper 1 to 1 static network nat or not...
>
> =====================================================
>
> access-list 120 permit ip 192.168.1.0 0.0.0.255 10.10.0.0 0.1.255.255
>
> ip nat pool OVERLAPPING 192.168.200.1 192.168.200.254 prefix-length 24
>
> ip nat inside source list 120 pool OVERLAPPING
>
> =====================================================
>
>
>
> On Mon, Jul 30, 2012 at 2:41 PM, ccie99999 <ccie99999_at_googlemail.com> wrote:
>
>> Hi Peter,
>>
>> thanks for your help.
>>
>> I've tried what you've suggested and it looks like it's working (the static is
>> not taking precedence over the dynamic one)
>>
>> unluckily the static nat is not working..
>>
>> this is my basic nat stuff:
>>
>> (note: net 192.168.1.x must become 192.168.200.x with the static nat and
>> talk to 10.10.0.0)
>>
>> route-map NAT permit 10
>> match ip address 101
>>
>> access-list 101 permit ip 192.168.200.0 0.0.0.255 10.10.0.0 0.1.255.255
>> access-list 101 permit ip 192.168.1.0 0.0.0.255 10.10.0.0 0.1.255.255
>>
>> ip nat pool OVERLAPPING 192.168.200.1 192.168.200.254 pref 24
>>
>> ip nat inside source route-map NAT pool OVERLAPPING
>>
>> ######
>>
>> ip nat inside source list 100 interface Dialer0 overload
>>
>> access-list 100 deny ip 192.168.1.0 0.0.0.255 10.10.0.0 0.1.255.255
>> access-list 100 deny ip 192.168.200.0 0.0.0.255 10.10.0.0 0.1.255.255
>> access-list 100 permit ip 192.168.1.0 0.0.0.255 any
>>
>> thaaaanks again.
>>
>>
>>
>> On Mon, Jul 30, 2012 at 12:29 PM, Peter Dervan <petesccie_at_gmail.com>
>> wrote:
>>
>> > Try making the static nat policy based, using a nat pool and route map.
>> > Policy would allow static nat to kick in only when traffic is destined to a
>> > particular destination - should fix your issue.
>> >
>> > On 30 Jul 2012, at 13:14, ccie99999 <ccie99999_at_googlemail.com> wrote:
>> >
>> > > Hi guys,
>> > >
>> > > I feel a bit frustrated because of this simple issue:
>> > >
>> > > I've got to do a static nat and a dynamic one with the overload.
>> > >
>> > > the static one is for translating my entire lan to a specific net
>> > > (because of overlapping over ipsec).
>> > >
>> > > the dynamic one with overload is for surfing the web.
>> > >
>> > > As soon as I set up the static nat the customer loses access to the
>> > > internet (the dynamic one stops working).
>> > >
>> > > I know that a static route has precedence over a dynamic but I've set up a
>> > > specific acl:
>> > >
>> > > this is my conf:
>> > >
>> > > NAT:
>> > > ip nat inside source list 100 interface Dialer0 overload
>> > > ip nat inside source static network 192.168.1.0 192.168.200.0 /24
>> > >
>> > > ACL:
>> > > access-list 100 deny ip 192.168.1.0 0.0.0.255 10.10.0.0 0.1.255.255
>> > > access-list 100 deny ip 192.168.200.0 0.0.0.255 10.10.0.0 0.1.255.255
>> > > access-list 100 permit ip 192.168.1.0 0.0.0.255 any
>> > >
>> > > I've even tried to use a route-map within the dynamic nat but still doesn't
>> > > work..
>> > >
>> > > where am I wrong?
>> > >
>> > > thanks in advance
>> > >
>> > >
>> > > --
>> > > ccie99999
>> > > twitter: @ccie99999
>> > >
>> > >
>> > > Blogs and organic groups at http://www.ccie.net
>> > >
>> > >
>> _______________________________________________________________________
>> > > Subscription information may be found at:
>> > > http://www.groupstudy.com/list/CCIELab.html
>

-- 
ccie99999
twitter: @ccie99999
Received on Mon Jul 30 2012 - 14:19:30 ART
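
Added example, not part of any poster's message: a first-match evaluator for ACL 100 and ACL 101 as quoted in the thread, to check which NAT statement's ACL permits a given flow. It models only extended-ACL matching (wildcard masks, implicit deny), not IOS NAT order of operations; the function names and sample flows are constructed for illustration.

```python
# Added example (not from the thread): first-match evaluation of the quoted ACLs.
import ipaddress

# ACL 100 and ACL 101 copied from the quoted configuration.
CONFIG = """\
access-list 100 deny ip 192.168.1.0 0.0.0.255 10.10.0.0 0.1.255.255
access-list 100 deny ip 192.168.200.0 0.0.0.255 10.10.0.0 0.1.255.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
access-list 101 permit ip 192.168.200.0 0.0.0.255 10.10.0.0 0.1.255.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 10.10.0.0 0.1.255.255
"""
# Which NAT statement references which ACL (ACL 101 via route-map NAT).
NAT_RULES = {"100": "interface Dialer0 overload", "101": "pool OVERLAPPING"}

def _spec(tokens):
    """Consume 'any' or 'ADDR WILDCARD'; return ((addr, wildcard), remaining tokens)."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    addr, wild = (int(ipaddress.IPv4Address(t)) for t in tokens[:2])
    return (addr, wild), tokens[2:]

def parse_acl(text):
    """Return {acl_number: [(action, src_spec, dst_spec), ...]} in configured order."""
    acls = {}
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[3] != "ip":
            continue
        src, rest = _spec(tok[4:])
        dst, _ = _spec(rest)
        acls.setdefault(tok[1], []).append((tok[2], src, dst))
    return acls

def _match(ip, spec):
    addr, wild = spec
    care = ~wild & 0xFFFFFFFF  # wildcard bit 1 = "don't care"; compare the other bits
    return (int(ipaddress.IPv4Address(ip)) & care) == (addr & care)

def permits(acl, src, dst):
    """First matching entry wins; no match means the implicit deny."""
    for action, s, d in acl:
        if _match(src, s) and _match(dst, d):
            return action == "permit"
    return False

def nat_candidates(src, dst, acls=None):
    """NAT statements whose ACL permits the flow src -> dst."""
    acls = acls or parse_acl(CONFIG)
    return [rule for num, rule in NAT_RULES.items() if permits(acls.get(num, []), src, dst)]
```

The wildcard 0.1.255.255 on 10.10.0.0 covers 10.10.0.0 through 10.11.255.255, so a destination in 10.12.0.0 falls through to the overload ACL.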
