need to have two static addresses to a single internal IP address

Unanswered Question
Jun 5th, 2007

I currently have an internal IP address that is NATTED to an external IP. However, we are now setting up an L2L, but that same internal IP now needs to be NATTED to the L2L VPN. I get the following error:


INFO: overlap with existing static
inside:WEBMAIL to outside:208.116.x.x netmask 255.255.255.255

vitripat Tue, 06/05/2007 - 14:01

You may be able to use policy-nat here. From the current scenario, I think you have the following static command in the network:


static (inside,outside) 208.116.x.x WEBMAIL


Now, let's assume that the remote end network of the L2L tunnel is 192.168.1.0/24, and you need to map the WEBMAIL server as 192.168.2.10 to the remote end L2L network; the following commands might help:


access-list pol1 permit ip host WEBMAIL 192.168.1.0 255.255.255.0

static (inside,outside) 192.168.2.10 access-list pol1


I hope this helps.



Regards,

Vibhor.

Tshi M Tue, 06/05/2007 - 14:06

That is what I actually tried...

vitripat Tue, 06/05/2007 - 14:10

What code are you running? Policy-nat was introduced in 6.3(2) code.


Regards,

Vibhor.



Tshi M Tue, 06/05/2007 - 14:17

I already have policy nat running for other site to site vpn. I am running version 7.2(2)

vitripat Tue, 06/05/2007 - 14:19

Cool .. could you paste the command you entered and received the error, along with the commands existing on the PIX?

Tshi M Tue, 06/05/2007 - 14:22

static (inside,outside) 208.116.x.x WEBMAIL netmask 255.255.255.255


Now for the site to site VPN with ZANTAZ, we need to NAT WEBMAIL to 172.30.59.91. In order to do this, I tried to use policy-nat (see below)


access-list ZANTAZ_VPN4 extended permit ip host WEBMAIL object-group ZANTAZ


static (inside,outside) 172.30.59.94 access-list ZANTAZ_VPN4



ERROR that I am getting:

INFO: overlap with existing static
inside:WEBMAIL to outside:208.116.x.x netmask 255.255.255.255

Tshi M Tue, 06/05/2007 - 14:23

sorry typo



static (inside,outside) 172.30.59.91 access-list ZANTAZ_VPN4



vitripat Tue, 06/05/2007 - 15:20

OK .. well, that's not actually an "error" you are getting. It's an "INFO", which is just to inform you that you already have a static translation for the host WEBMAIL. If you check your current static rules, you'll see both static commands in there and they would work as they are expected to:


show run static


It's just an informational message and you may ignore it.


Hope that helps.


Regards,

Vibhor.

Tshi M Tue, 06/05/2007 - 18:31

You were right that it is only info. However, it does not show when I do show run static but only shows up in the show tech. So, I went and tried but it did not work. I will give it another try... I will clear the nat table and try again...

Tshi M Thu, 06/07/2007 - 04:43

Well, I got it to work. The trick was to move the static going along with policy-nat ahead of the other static.

static (inside,outside) 172.30.59.91 access-list ZANTAZ_VPN1

static (inside,outside) 208.116.x.x WEBMAIL netmask 255.255.255.255
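
Added example, not part of the thread and not Cisco code: a small Python check that scans PIX/ASA 7.x-style configuration text for the ordering the last post describes, where a regular static for a host sits ahead of a policy static whose access list matches the same host. The function name, regexes and sample config are assumptions built from the commands quoted above, and only access lists with a `host` source are handled.

```python
import re

# Constructed sample, modelled on the commands in the thread: the regular
# static for WEBMAIL precedes the policy static (the order that did not work).
SAMPLE_BAD = """\
access-list ZANTAZ_VPN4 extended permit ip host WEBMAIL object-group ZANTAZ
static (inside,outside) 208.116.x.x WEBMAIL netmask 255.255.255.255
static (inside,outside) 172.30.59.91 access-list ZANTAZ_VPN4
"""

# access-list <name> [extended] permit ip host <source> ...
ACL_RE = re.compile(r"^access-list (\S+) (?:extended )?permit ip host (\S+) ")
# static (<real_if>,<mapped_if>) <mapped> {access-list <name> | <real>}
STATIC_RE = re.compile(
    r"^static \(([^,\s]+),([^)\s]+)\) (\S+) (?:access-list (\S+)|(\S+))")

def find_shadowed_policy_statics(config):
    """Return (policy_static, earlier_regular_static) line pairs where the
    regular static for a host appears before a policy static for that host."""
    acl_hosts = {}  # ACL name -> set of source hosts it permits
    statics = []    # (interface pair, real host or None, ACL or None, line)
    for raw in config.splitlines():
        line = raw.strip()
        m = ACL_RE.match(line)
        if m:
            acl_hosts.setdefault(m.group(1), set()).add(m.group(2))
            continue
        m = STATIC_RE.match(line)
        if m:
            statics.append(((m.group(1), m.group(2)),
                            m.group(5), m.group(4), line))
    findings = []
    seen_regular = {}  # (interface pair, real host) -> first regular static
    for ifaces, real, acl, line in statics:
        if acl is None:
            seen_regular.setdefault((ifaces, real), line)
            continue
        # Policy static: check every host its ACL names as a source.
        for host in sorted(acl_hosts.get(acl, ())):
            earlier = seen_regular.get((ifaces, host))
            if earlier:
                findings.append((line, earlier))
    return findings

if __name__ == "__main__":
    for policy, regular in find_shadowed_policy_statics(SAMPLE_BAD):
        print(f"policy static after regular static:\n  {regular}\n  {policy}")
```
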
