Your second translation applies to all internal devices in the 192.168.*.* subnet. Your first translation applies to the internal device 192.168.1.1 192.168.1.1 is, though, part of 192.168.*.*, so you have overlapping translations.
You are violating the constraint that "you cannot use the same local address in static NAT or static PAT commands"; see
formatting link
the section "Order of NAT Commands Used to Match Local Addresses"
Notice in that section that regular static commands do not look for "best match" or "longest match": you are simply not -allowed- to use the same address this way.
In practice, consider what happens if an -incoming- packet is addressed to 99.99.99.99. According to your first static, the translation
99.99.99.99192.168.1.1 should be created. But now suppose there is an incoming packet addressed to 192.168.1.1: that is not 99.99.99.99 so the first translation does not apply, but the second translation does, so the translation 192.168.1.1192.168.1.1 would be created.
To fix your problem, code
access-list AlmostIdentity deny ip host 192.168.1.1 any access-list AlmostIdentity permit ip 192.168.0.0 255.255.0.0 any
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.