That's right! If you do not want to see that message, either configure static first or perform "clear ip nat nvi translation *"
Despite of that I think this static won't work. This is because the router has no clue where the returning traffic destined to IP address of 10.99.98.100 route to. You can configure static route pointing to the upstream router to make it work. HTH, -- Piotr Matusiak CCIE #19860 (R&S, Security) 2010/1/20 Tyson Scott <[email protected]> > Brian, > > It has always been just something to know. The IOS believes it to be > overlapping but if you apply statics first it will allow it. > > Regards, > > Tyson Scott - CCIE #13513 R&S, Security, and SP > Technical Instructor - IPexpert, Inc. > Mailto: [email protected] > Telephone: +1.810.326.1444, ext. 208 > Live Assistance, Please visit: www.ipexpert.com/chat > eFax: +1.810.454.0130 > > IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA (R&S, > Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & > Service > Provider) Certification Training with locations throughout the United > States, Europe and Australia. Be sure to check out our online communities > at > www.ipexpert.com/communities and our public website at www.ipexpert.com > > > -----Original Message----- > From: Brian Schultz [mailto:[email protected]] > Sent: Wednesday, January 20, 2010 3:49 PM > To: Tyson Scott; Jimmy Larsson; [email protected] > Subject: Re: [OSL | CCIE_Security] ip nat source pool conflicts with ip nat > source static? > > I just ran into this exact same problem last week and a reboot fixed > the issue running 12.4(24)T2. I didn't think to apply the static nat > first. Is there a reason why to apply the static nat first or is it > ios related? > > Thanks, > Brian > > On 1/20/10, Tyson Scott <[email protected]> wrote: > > Apply your static first then apply the NAT pool. > > > > > > > > Regards, > > > > > > > > Tyson Scott - CCIE #13513 R&S, Security, and SP > > > > Technical Instructor - IPexpert, Inc. > > > > Mailto: <mailto:[email protected]> [email protected] > > > > Telephone: +1.810.326.1444, ext. 208 > > > > Live Assistance, Please visit: <http://www.ipexpert.com/chat> > > www.ipexpert.com/chat > > > > eFax: +1.810.454.0130 > > > > > > > > IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA > (R&S, > > Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & > Service > > Provider) Certification Training with locations throughout the United > > States, Europe and Australia. Be sure to check out our online communities > at > > <http://www.ipexpert.com/communities> www.ipexpert.com/communities and > our > > public website at <http://www.ipexpert.com> www.ipexpert.com > > > > > > > > From: [email protected] > > [mailto:[email protected]] On Behalf Of Jimmy > > Larsson > > Sent: Wednesday, January 20, 2010 9:41 AM > > To: [email protected] > > Subject: [OSL | CCIE_Security] ip nat source pool conflicts with ip nat > > source static? > > > > > > > > I am playing with some basic ios nat and cant get it to work the way I > want. > > > > > > > > On my "inside" I have a client at 10.0.20.100. I want to hide that Ip for > > outbound traffic. First I do it with a nat pool, like this: > > > > > > > > interface FastEthernet0 > > > > ip address 10.0.13.2 255.255.255.0 > > > > ip nat enable > > > > interface FastEthernet1 > > > > ip address 10.0.20.1 255.255.255.0 > > > > ip nat enable > > > > > > > > ip access-list extended ACL_INSIDE_NAT > > > > permit ip 10.0.20.0 0.0.0.255 any > > > > > > > > ip nat pool MYNATPOOL 10.99.99.99 10.99.99.199 netmask 255.255.255.0 > > add-route > > > > ip nat source list ACL_INSIDE_NAT pool MYNATPOOL > > > > > > > > All is fine and my client can access an outside web-server, hidden behind > an > > 10.99.99-address (after redistributing statics so that my outside network > > know about the 10.99.99-network). > > > > > > > > Then I want o modify it so that everything on 10.0.20.0/24 keeps hidden > > behind that pool EXCEPT for my host .100. I add this: > > > > > > > > ip access-list extended ACL_INSIDE_NAT > > > > deny ip host 10.0.20.100 any > > > > permit ip 10.0.20.0 0.0.0.255 any > > > > (Denying traffic from my host to make it NOT being nated with my pool) > > > > > > > > r3(config)#ip nat source static 10.0.20.100 10.99.98.100 > > > > r3(config)# > > > > *Jan 20 14:44:13.147: %Non-Static entry already exists > > > > > > > > 1) Why cant I do that? I cant see that my ip nat source pool conflicts > with > > my ip nat source static. > > > > 2) How do I solve this? > > > > 3) How do I redistribute knowledge of this 10.99.98-address? I miss the > > ability to add "add-route" at the end of the ip nat source static line. > If > I > > am suppose to solve this with a static route in the config, what should I > > point nexthop to? > > > > > > > > Br Jimmy > > > > -- > > ------- > > Jimmy Larsson > > Ryavagen 173 > > s-26030 Vallakra > > Sweden > > http://blogg.kvistofta.nu > > ------- > > > > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
