Overlapping address in PAT with acl on ASA 5550

Unanswered Question
Jun 25th, 2007

Hi all, I'm trying to set up 6 static PAT connections inbound from the internet to the corresponding 6 10-net hosts. I'm following the example from http://www.cisco.com/en/US/docs/security/asa/asa71/configuration/guide/cfgnat.html#wp1043281 ("Using Static PAT" section) as a guide. I've come up with:

access-list acl01 permit tcp any host 10.x.y.15 eq 1669

static (inside,outside) tcp 204.x.y.85 1669 access-list acl01

It looks like I'm stepping on another IP because the second command shoots back with:

"global address overlaps with mask"

I've checked and the only thing my PAT IP of choice overlaps with is the outside interface's subnet mask. Also, I can't find any documentation on this error, so I'm kind of stuck.

Attached is my config, any help is appreciated.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
sadbulali Fri, 06/29/2007 - 10:12

I think the error is because you have not specified the mask. The network mask pertains to both global_ip and local_ip. For host addresses, always use For network addresses, use the appropriate class mask or subnet mask; for example, for Class A networks, use An example subnet mask is


This Discussion