Static Nate Rule

Unanswered Question
Jun 3rd, 2010


When I try to add a second item to the source of a static nat rule, it replaces the original source item. Even if I try to add an extra static nat rule with a different source natted to the same destination IP, it asks me to replace the original rule.

I also tried to expand the source from one ip to /24 network but in this case I get an error the subnetmask of source and destination (/32) are not equal.

Any idea how I can allow two source ip addresses translated to one Ipadress over one interface?

The firewall is a Cisco ASA5520 running software version 8.0(3)

Any help really appreciated.

Kind regards,


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Federico Coto F... Thu, 06/03/2010 - 06:23


You cannot translate the same internal IP address to two different IP address statically, for example, the below command won't work:

static (in,out)

static (in,out)  --> you will get an overlapping error here

The reason it does not work is because the ASA won't know to which address translate (because you have two static rules).

What you can do though is use static PAT:

static (in,out) tcp 80 80

static (in,out) tcp 25 25

The first line you're translating the internal to when using TCP port 80

The second line you're translating the same internal to when using TCP port 25... and so on...

Let me know if it helps.


KennyAlsic Thu, 06/03/2010 - 06:34


Thanks for the quick reply, but that was not the thing I am looking for ... maybe my question was not clear. Here it comes again:

I need to translate two different internal ipaddresses to another ipaddress.

Kind regards,


Federico Coto F... Thu, 06/03/2010 - 06:56


Sorry for the misunderstanding, but the same rule applies.

You cannot translate two different internal IP addresses to the same outside IP adress statically (only using STATIC PAT)

Normally this is desired when say, you have two internal servers and one listens on one port and the other one on a different port and you want to map them both to the same outside IP.

This can be done with static PAT.



This Discussion

Related Content