Solved: Nat - VPN L2L

Thiago Cella · ‎12-15-2011

Hi people,

I have an ASA with interfaces inside and outside;

I had this situation :

Im my inside , i have a server with IP : 192.168.1.20 255.255.255.0 , and two VPN L2L configured;

But the local address network of these two remote Peers , are the same range : 192.168.1.0 /24 ;

These two Peers have to access my server 192.168.1.20, so to Peer1 , they know my server with ip 1.1.1.20 , so i create this nat :

static (inside,outside) 1.1.1.20 192.168.1.20 netmask 255.255.255.255

So worked perfectly!

The Peer2 have to access my server 192.168.1.20 too, so to Peer2 , they know my server with ip 2.2.2.20, but when i create the follow nat, the Asa returns the error message :

static (inside,outside) 2.2.2.20 192.168.1.20 netmask 255.255.255.255

ERROR: duplicate of existing static

Is there any way to use these two static nats ?

Julio Carvajal · ‎12-15-2011

Hello Thiago,

Hope you are having a great day.

Lets try the following:

static (inside,outside) 1.1.1.20 192.168.1.20 netmask 255.255.255.255

access-list TEST permit ip host 192.168.1.20 any

static (inside,outside) 2.2.2.20 access-list TEST

Please rate helpful posts,

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

View solution in original post

Julio Carvajal · ‎12-15-2011

Hello Thiago,

Hope you are having a great day.

Lets try the following:

static (inside,outside) 1.1.1.20 192.168.1.20 netmask 255.255.255.255

access-list TEST permit ip host 192.168.1.20 any

static (inside,outside) 2.2.2.20 access-list TEST

Please rate helpful posts,

Regards,

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Thiago Cella · ‎01-14-2012

Worked!!

Tks.

Julio Carvajal · ‎01-14-2012

Hello Thiago,

Glad I could help!

Julio

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC