Thanks guys for your reply, but I still don't get it.
I'm here, this is the same situation I have:
https://supportforums.cisco.com/thread/2043483
but after setting the static and the dynamic with the route-map I still
don't have a working solution.
And googling this, it looks like it's a common issue.
Checking some previous labs I did for my CCIE, I don't see this scenario.
Thanks again for your help.
On Mon, Jul 30, 2012 at 5:16 PM, Dan Shechter G <danshtr_at_gmail.com> wrote:
> It's a bit of a mess on IOS, but in general static route has precedence over
> dynamic NAT.
>
> You can use a route map, but notice that route-maps in NAT are evaluated by
> lexical order, which means that route-map 'rmA' will be evaluated before
> 'rmB'.
>
> On 30 Jul 2012, at 17:19, ccie99999 wrote:
>
> > yeah, nothing..
> >
> > overload works but not static nat..
> > even after a clear ip nat tran * , a ping to the remote net + a show ip nat
> > translat and I don't see the static nat..
> >
> > :(
> >
> > On Mon, Jul 30, 2012 at 2:04 PM, peter dervan <petesccie_at_gmail.com> wrote:
> >
> >> Hi,
> >> Try something like this, been a while since i labbed this so can't
> >> remember if it will do proper 1 to 1 static network nat or not...
> >>
> >> =====================================================
> >>
> >> access-list 120 permit ip 192.168.1.0 0.0.0.255 10.10.0.0 0.1.255.255
> >>
> >> ip nat pool OVERLAPPING 192.168.200.1 192.168.200.254 prefix-length 24
> >>
> >> ip nat inside source list 120 pool OVERLAPPING
> >>
> >> =====================================================
> >>
> >>
> >>
> >> On Mon, Jul 30, 2012 at 2:41 PM, ccie99999 <ccie99999_at_googlemail.com> wrote:
> >>
> >>> Hi Peter,
> >>>
> >>> thanks for your help.
> >>>
> >>> I've tried what you've suggested and it looks like it's working (the static is
> >>> not taking the precedence on the dynamic one)
> >>>
> >>> unluckily the static nat is not working..
> >>>
> >>> this is my basic nat stuff:
> >>>
> >>> (note: net 192.168.1.x must become 192.168.200.x with the static nat and
> >>> talk to 10.10.0.0)
> >>>
> >>> route-map NAT permit 10
> >>> match ip address 101
> >>>
> >>> access-list 101 permit ip 192.168.200.0 0.0.0.255 10.10.0.0 0.1.255.255
> >>> access-list 101 permit ip 192.168.1.0 0.0.0.255 10.10.0.0 0.1.255.255
> >>>
> >>> ip nat pool OVERLAPPING 192.168.200.1 192.168.200.254 pref 24
> >>>
> >>> ip nat inside source route-map NAT pool OVERLAPPING
> >>>
> >>> ######
> >>>
> >>> ip nat inside source list 100 interface Dialer0 overload
> >>>
> >>> access-list 100 deny ip 192.168.1.0 0.0.0.255 10.10.0.0 0.1.255.255
> >>> access-list 100 deny ip 192.168.200.0 0.0.0.255 10.10.0.0 0.1.255.255
> >>> access-list 100 permit ip 192.168.1.0 0.0.0.255 any
> >>>
> >>> thaaaanks again.
> >>>
> >>>
> >>>
> >>> On Mon, Jul 30, 2012 at 12:29 PM, Peter Dervan <petesccie_at_gmail.com> wrote:
> >>>
> >>>> Try making the static nat policy based, using a nat pool and route map.
> >>>> Policy would allow static nat to kick in only when traffic is destined to a
> >>>> particular destination - should fix your issue.
> >>>>
> >>>> Sent from my iPhone
> >>>>
> >>>> On 30 Jul 2012, at 13:14, ccie99999 <ccie99999_at_googlemail.com> wrote:
> >>>>
> >>>>> Hi guys,
> >>>>>
> >>>>> I feel a bit frustrated because of this simple issue:
> >>>>>
> >>>>> I've got to do a static nat and a dynamic one with the overload.
> >>>>>
> >>>>> the static one is for translating my entire lan to a specific net (because
> >>>>> of overlapping over ipsec).
> >>>>>
> >>>>> the dynamic one with overload is for surfing the web.
> >>>>>
> >>>>> As soon as I set up the static nat the customer loses access to the
> >>>>> internet (the dynamic one stops working).
> >>>>>
> >>>>> I know that a static route has precedence over a dynamic but I've set up a
> >>>>> specific acl:
> >>>>>
> >>>>> this is my conf:
> >>>>>
> >>>>> NAT:
> >>>>> ip nat inside source list 100 interface Dialer0 overload
> >>>>> ip nat inside source static network 192.168.1.0 192.168.200.0 /24
> >>>>>
> >>>>> ACL:
> >>>>> access-list 100 deny ip 192.168.1.0 0.0.0.255 10.10.0.0 0.1.255.255
> >>>>> access-list 100 deny ip 192.168.200.0 0.0.0.255 10.10.0.0 0.1.255.255
> >>>>> access-list 100 permit ip 192.168.1.0 0.0.0.255 any
> >>>>>
> >>>>> I've even tried to use a route-map within the dynamic nat but it still doesn't
> >>>>> work..
> >>>>>
> >>>>> where am I wrong?
> >>>>>
> >>>>> thanks in advance
> >>>>>
> >>>>>
> >>>>> --
> >>>>> ccie99999
> >>>>> twitter: @ccie99999
> >>>>>
> >>>>>
> >>>>> Blogs and organic groups at http://www.ccie.net
> >>>>>
> >>>>>
> >>>>> _______________________________________________________________________
> >>>>> Subscription information may be found at:
> >>>>> http://www.groupstudy.com/list/CCIELab.html
--
ccie99999
twitter: @ccie99999

Blogs and organic groups at http://www.ccie.net

Received on Tue Jul 31 2012 - 00:08:13 ART
This archive was generated by hypermail 2.2.0 : Wed Aug 01 2012 - 15:55:23 ART
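
The following is an added example, not part of the original thread: a small Python model of extended-ACL matching (first match wins, wildcard masks, implicit deny) run over the ACL 100 and ACL 101 lines quoted above, showing which NAT statement's ACL permits a given flow. It models ACL matching only, not the IOS NAT order of operations; the sample flows and the `RULES` mapping are constructed for illustration.

```python
import ipaddress

# ACL lines copied from the thread (ACL 101 feeds route-map NAT, ACL 100 the overload rule).
CONFIG = """
access-list 101 permit ip 192.168.200.0 0.0.0.255 10.10.0.0 0.1.255.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 10.10.0.0 0.1.255.255
access-list 100 deny ip 192.168.1.0 0.0.0.255 10.10.0.0 0.1.255.255
access-list 100 deny ip 192.168.200.0 0.0.0.255 10.10.0.0 0.1.255.255
access-list 100 permit ip 192.168.1.0 0.0.0.255 any
"""
RULES = {101: "pool OVERLAPPING", 100: "Dialer0 overload"}  # ACL -> NAT statement

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def _take(tokens):
    """Consume 'any' or 'ADDR WILDCARD'; return ((addr, wildcard), remaining tokens)."""
    if tokens[0] == "any":
        return (0, 0xFFFFFFFF), tokens[1:]
    return (_to_int(tokens[0]), _to_int(tokens[1])), tokens[2:]

def parse_ace(line):
    """Parse 'access-list N permit|deny ip SRC DST' into (N, action, src, dst)."""
    t = line.split()
    src, rest = _take(t[4:])
    dst, _ = _take(rest)
    return int(t[1]), t[2], src, dst

def _match(ip, spec):
    addr, wild = spec
    care = ~wild & 0xFFFFFFFF          # wildcard bit 1 = "don't care"
    return (_to_int(ip) & care) == (addr & care)

def evaluate(acl, src, dst, config=CONFIG):
    """First matching entry wins; no match falls through to the implicit deny."""
    for line in config.strip().splitlines():
        n, action, s, d = parse_ace(line)
        if n == acl and _match(src, s) and _match(dst, d):
            return action
    return "deny"

def candidate_rules(src, dst):
    """NAT statements whose ACL permits this flow (ACL matching only)."""
    return [name for acl, name in RULES.items() if evaluate(acl, src, dst) == "permit"]

if __name__ == "__main__":
    # Constructed sample flows.
    for flow in [("192.168.1.10", "10.10.5.5"), ("192.168.1.10", "10.11.200.1"),
                 ("192.168.1.10", "10.12.0.1"), ("192.168.2.10", "8.8.8.8")]:
        print(flow, candidate_rules(*flow))
```

The wildcard 0.1.255.255 on 10.10.0.0 covers 10.10.0.0 through 10.11.255.255, so 10.11.200.1 falls under the tunnel ACL while 10.12.0.1 falls through to the overload ACL.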