Overlapping address in PAT with acl on ASA 5550

ktokashhh · ‎06-25-2007

Hi all, I'm trying to set up 6 static PAT connections inbound from the internet to the corresponding 6 10-net hosts. I'm following the example from http://www.cisco.com/en/US/docs/security/asa/asa71/configuration/guide/cfgnat.html#wp1043281 ("Using Static PAT" section) as a guide. I've come up with:

access-list acl01 permit tcp any host 10.x.y.15 eq 1669

static (inside,outside) tcp 204.x.y.85 1669 access-list acl01

It looks like I'm stepping on another IP because the second command shoots back with:

"global address overlaps with mask"

I've checked and the only thing my PAT IP of choice overlaps with is the outside interface's subnet mask. Also, I can't find any documentation on this error, so I'm kind of stuck.

Attached is my config, any help is appreciated.

sadbulali · ‎06-29-2007

I think the error is because you have not specified the mask. The network mask pertains to both global_ip and local_ip. For host addresses, always use 255.255.255.255. For network addresses, use the appropriate class mask or subnet mask; for example, for Class A networks, use 255.0.0.0. An example subnet mask is 255.255.255.224.