Oct 16, 2018

On Cisco Catalyst 6500 Series Switches, if you have a NAT overload configuration, we recommend that you limit the number of NAT translations to less than 64512, by using the ip nat translation max-entries command. If the number of NAT translations is 64512 or more, a limited number of ports are available for use by local applications, which, in.

Learn how to configure dynamic network address translation on a Cisco device for your inside hosts to allow them to gain access to the Internet, but to also overload them by using the Port Address Translation (PAT) keyword. By creating a pool of inside global addresses and then allowing the inside addresses to use the pool in order to get an inside global access, the inside hosts will now be.
Jim

My point was that your NAT pool is using the interface IP address which is the same as your general internet access traffic.

So could you not just remove this from your vpnnonat acl -

deny ip 192.168.12.0 0.0.3.255 10.10.16.0 0.0.0.255

then the VPN traffic would match this line from the same acl -

permit ip 192.168.12.0 0.0.3.255 any

which is what you want, i.e. you want your source IPs for the VPN traffic to be translated.

Then you wouldn't need the NAT pool configuration.

You usually do need to exclude VPN traffic from NAT but you don't want to do that for this specific VPN.

I'm not saying it will fix the issue but I can't see anything else wrong with your configuration and I was just wondering if having a NAT pool using the same IP as the outside interface was perhaps causing a problem.

Jon.
Summary

is this on the right track?

Yes. Very similar to the link in the comment. As you mentioned, you only need to do two things.

1. Configure NAT overload on the global interface.
2. Put a static route in the VRF for the speed test server.

Details

Assume your speed test server is at 172.16.10.5. And you're trying to ping it from a CE switch in VRF01.

To Speed Test Server (172.16.10.5, NH 172.16.1.1).