09-30-2010 07:20 AM
concentrator 3030... I have a local host that needs to access multiple L2L tunnels with different NAT requirements:
I currently have this NAT configured...
source 10.1.1.1/32 static NAT 134.x.x.x/32 destination ANY
I need to configure this NAT...
source 10.1.1.1/32 static NAT 10.99.17.x/32 destination 32.x.x.x/32
Is this possible? I have tried and I get "Source and remote network address
conflict with an existing rule. Either source or remote network address
must be changed". Is the conflict due to the destination ANY of the pre-existing rule?
I thought that since the destination of the rule I need to add is more specific that this
should work.
Thanks for your help, Anne
10-03-2010 08:10 AM
Hi Anne,
Yes, the conflict error that we see is due to the destination ANY of the pre-existing rule. Ideally we need to have more specific static statements in the static rules to have multiple NAT for the same source. So I would suggest we find out the remote network list for which we need the 1st translation (134.x.x.x/32) and apply the static rule (might need more than 1 static rule if multiple remote subnets are the case), and similarly one more for the new static we are looking for (for the destination 32.x.x.x/32).
Now on some of the other security appliances, we can have a workaround to our scenario, but I'm not sure if the software version running on your concentrator would support this.
Try to remove the static rule for any (1st statement) and then apply the new rule first (to 32.x.x.x/32). After this, apply the original static rule (destination to any). The idea is to have the more specific static rule first, and then the general (any) static rule for the rest of the destinations. I suggest you try this in a maintenance window to avoid any impact on users.
Let me know if this helps...
Cheers,
Rudresh V
10-04-2010 08:08 AM
Thanks for your reply; this is what I suspected. I appreciate the confirmation.
Thanks, Anne
10-04-2010 08:35 AM
Hi Anne,
Can you please mark this discussion answered if you have no other queries.
Good Day,
Rudresh V
10-03-2010 08:20 AM
it will say that because you have a generic rule at the top
try the following
remove the generic existing rule
enter the more specific, new rule first
then add the generic old rule
see if this helps