static NAT rule overlap

Unanswered Question

I have few different connections coming in to different real IPs and\or protocols, all with same inside destination (same windows machine).

I've set a security policy rule for each of them to permit inbound traffic on the outside interface.

when I try to create the static route pointing the traffic off the ASA via the inside interface to the actual server I'm rejected since teh destination (the internal IP) overlap from one static to another

how do I solve this problem?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
husycisco Fri, 07/18/2008 - 09:27
User Badges:
  • Gold, 750 points or more

Hello Ofir,

I couldnt understand why you need a route, please paste the acls, statics and routes you entered so we can understand your issue in depth.


Regards

take this example:

access-list Inbound_Traffic extended permit tcp any host 63.x.y.100 eq smtp

access-list Inbound_Traffic extended permit tcp any host 63.x.y.101 range 2710 2715

access-list Inbound_Traffic extended permit tcp any host 63.x.y.102 range 2710 2715

access-list Inbound_Traffic extended permit tcp any host 63.x.y.103 eq https

access-list Inbound_Traffic extended permit tcp any host 63.x.y.101 eq https

access-list Inbound_Traffic extended permit tcp any host 63.x.y.104 eq www


63.x.y.101 & 63.x.y.102 are different real world IP that point to the same internal IP (192.168.1.1)

when I try to config the NAT inside - pointing 63.63.x.y.101 to 192.168.1.1 and then do the same with 63.x.y.102, I get an error

acomiskey Fri, 07/18/2008 - 10:56
User Badges:
  • Green, 3000 points or more

You cannot do that.


You need to do something like this...


static (inside,outside) tcp 63.x.y.101 https 192.168.1.1 https netmask 255.255.255.255

static (inside,outside) tcp 63.x.y.102 2710 192.168.1.1 2710 netmask 255.255.255.255

etc.


a.alekseev Fri, 07/18/2008 - 12:12
User Badges:
  • Gold, 750 points or more

create an alias for 192.168.1.1 and use it for duplicated entry


gilarcejr_1127 Thu, 10/08/2015 - 05:26
User Badges:

Hi,

 

I'm having the same problem. How exactly do you use an alias for the duplicate? Can you guide us please on you configs for that? Thanks

Actions

This Discussion