Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
551
Views
0
Helpful
1
Replies

Error when applying NAT rule via ASDM on ASA 5520

whiteford
Level 1
Level 1

‎02-06-2009 12:48 AM - edited ‎03-11-2019 07:47 AM

Hi,

I have a Cisco ASA 5520 and have just added a NAT:

static (inside,DMZ2_Regional) 192.168.21.1 192.168.21.11 netmask 255.255.255.255

Then applied to get this message:

OK] no static (inside,outside) x.x.x.83 192.168.60.11 netmask 255.255.255.255

[OK] no static (inside,outside) 172.30.0.0 access-list policy-nat

[OK] no static (inside,outside) x.x.x.88 192.168.21.30 netmask 255.255.255.255

[OK] no static (inside,DMZ1_Tel_Servers) 192.168.70.11 192.168.70.11 netmask 255.255.255.255

[OK] no static (inside,DMZ1_Tel_Servers) 192.168.20.11 192.168.20.11 netmask 255.255.255.255

[OK] no static (inside,DMZ2_Regional_Network) 192.168.21.14 192.168.21.14 netmask 255.255.255.255

[OK] no static (inside,DMZ1_Tel_Servers) 192.168.21.14 192.168.21.14 netmask 255.255.255.255

[OK] no static (inside,DMZ4_pda) interface 192.168.21.1 netmask 255.255.255.255

[OK] no static (inside,DMZ4_pda) 128.101.10.66 128.101.10.66 netmask 255.255.255.255

[OK] static (inside,DMZ2_Regional_Network) 192.168.21.1 192.168.21.11 netmask 255.255.255.255 tcp 0 0 udp 0

[OK] static (inside,DMZ4_pda) 128.101.10.66 128.101.10.66 netmask 255.255.255.255 tcp 0 0 udp 0

[WARNING] static (inside,DMZ4_pda) interface 192.168.21.1 netmask 255.255.255.255 tcp 0 0 udp 0

static redirecting all traffics at DMZ4_pda interface;

WARNING: all services terminating at DMZ4_pda interface are disabled.

[OK] static (inside,DMZ1_Tel_Servers) 192.168.21.14 192.168.21.14 netmask 255.255.255.255 tcp 0 0 udp 0

[OK] static (inside,DMZ2_Regional_Network) 192.168.21.14 192.168.21.14 netmask 255.255.255.255 tcp 0 0 udp 0

[OK] static (inside,DMZ1_Tel_Servers) 192.168.20.11 192.168.20.11 netmask 255.255.255.255 tcp 0 0 udp 0

[OK] static (inside,DMZ1_Tel_Servers) 192.168.70.11 192.168.70.11 netmask 255.255.255.255 tcp 0 0 udp 0

[OK] static (inside,outside) x.x.x.88 192.168.21.30 netmask 255.255.255.255 tcp 0 0 udp 0

[WARNING] static (inside,outside) 172.30.0.0 access-list policy-nat tcp 0 0 udp 0

real-address conflict with existing static

UDP inside:SVR06/9996 to outside:x.x.x.66/9996 netmask 255.255.255.255

[OK] static (inside,outside) x.x.x.83 192.168.60.11 netmask 255.255.255.255 tcp 0 0 udp 0

Basically what I need to do is make this DMZ 2 which is a regional LAN (lease line with router etc) translate any traffic going from them to 192.168.21.1 (Old DHCP server) to now 192.168.21.11 (New DHCP server).

We don't have access to their router to change their DHCP helper settings to now point to 192.168.21.11 so I thought a NAT could do it?

Labels:
0 Helpful
1 Reply 1

Pravin Phadte
Level 5
Level 5

‎02-06-2009 05:36 AM

is there any address overlap on ACL ?

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card