Static and NAT configuration for ASA Version 7.2(4)33.
static (outside,inside) 10.100.0.0 10.100.0.0 netmask 255.255.0.0
Packets generated from the inside zone, whose source IP is any and whose destination IP is in the range 10.100.0.0/16, will exit the
"outside" interface without any change to their destination IP address or source IP address. Packets will cross the firewall as they are.
This is the same as: packets from the outside zone with a source IP in the range 10.100.0.0/16 and any destination IP address will exit the inside interface without any change to the source or destination IP address.
Corresponding permit access-lists are configured on outside and inside interfaces.
In the next step, the following configuration is done.
global (inside) 1 interface
nat (outside) 1 access-list abcd_nat outside
access-list abcd_nat extended permit ip 10.100.0.0 255.255.0.0 host 10.1.1.1
This is PAT, particularly for one IP from the inside zone.
These two configurations kind of conflict with each other. The first lets packets cross without any change and the second changes the IP only for a particular host. Which one will work, or may it cause some error?
"Duplicate TCP SYN from outside: ****** inside: ********* with different initial sequence number". Is this error generated from such a configuration?
The explanation of this error on cisco.com is something different, but it may be related.
Please share your experience. Thanks in advance.
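
A configuration-audit sketch for the overlap the question describes, added here as an example and not part of the original post: it parses the quoted lines and reports policy-NAT ACL entries whose source range is also covered by a static rule on the same interface. The function names are hypothetical, and it only detects the overlap; it does not model which rule the ASA applies.

```python
import ipaddress

# Constructed sample: the NAT-related lines quoted in the post above.
CONFIG = """\
static (outside,inside) 10.100.0.0 10.100.0.0 netmask 255.255.0.0
global (inside) 1 interface
nat (outside) 1 access-list abcd_nat outside
access-list abcd_nat extended permit ip 10.100.0.0 255.255.0.0 host 10.1.1.1
"""

def take_addr(t, i):
    """Read 'any', 'host A' or 'A MASK' starting at t[i]; return (network, next index)."""
    if t[i] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), i + 1
    if t[i] == "host":
        return ipaddress.ip_network(t[i + 1] + "/32"), i + 2
    return ipaddress.ip_network(f"{t[i]}/{t[i + 1]}"), i + 2

def find_overlaps(config):
    """List policy-NAT ACL entries whose source is also covered by a static rule."""
    statics, policy_nats, acls = [], [], {}
    for line in config.splitlines():
        t = line.split()
        if len(t) >= 6 and t[0] == "static" and t[4] == "netmask":
            # static (real_if,mapped_if) mapped_ip real_ip netmask mask
            real_if = t[1].strip("()").split(",")[0]
            mapped = ipaddress.ip_network(f"{t[2]}/{t[5]}")
            real = ipaddress.ip_network(f"{t[3]}/{t[5]}")
            statics.append((real_if, real, mapped == real))
        elif len(t) >= 5 and t[0] == "nat" and t[3] == "access-list":
            # nat (real_if) id access-list NAME [outside]
            policy_nats.append((t[1].strip("()"), t[4]))
        elif len(t) >= 7 and t[0] == "access-list" and t[2:4] == ["extended", "permit"]:
            src, i = take_addr(t, 5)
            dst, _ = take_addr(t, i)
            acls.setdefault(t[1], []).append((src, dst))
    hits = []
    for nat_if, acl_name in policy_nats:
        for src, dst in acls.get(acl_name, []):
            for real_if, real, identity in statics:
                # Same real interface and intersecting source range: two rules claim this traffic.
                if real_if == nat_if and real.overlaps(src):
                    hits.append((acl_name, str(src), str(dst), str(real), identity))
    return hits

if __name__ == "__main__":
    for acl, src, dst, real, identity in find_overlaps(CONFIG):
        kind = "identity static" if identity else "static"
        print(f"{acl}: {src} -> {dst} is also matched by {kind} for {real}")
```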