Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

static nat to multiple outside to single inside

We are moving from a pix to an asa

Our current pix implementation looks like this

static (inside,outside)

static (inside,outside)

When I try to do this on the asa I can only do a single instance and get the error

ERROR: duplicate of existing static

when I try to do the second.

Is there a switch I need to run or something to get this functionality to work? Or is there a better way to do this?

New Member

Re: static nat to multiple outside to single inside

I think I found my own answer:


The simple answer is yes, but you can't using the "static" command as you would expect or else you'll get the error "ERROR: duplicate of existing static".

So the following configuration will fail;

static (Inside,Outside) netmask

static (Inside,Outside) netmask

However using policy NAT on the PIX/ASA using code 7.x and beyond (Tested on 8.x) the following will work.

access-list policy_1 extended permit ip host any

access-list policy_2 extended permit ip host any

static (Inside,Outside) access-list policy_1

static (Inside,Outside) access-list policy_2"


Re: static nat to multiple outside to single inside

This is a policy NAT configuration. I'm almost positive you will see abnormalities, especially when originating outbound connections.

Your configuration is saying:

Traffic originating from to ANY destination, policy NAT to and However, there's nothing to differentiate which translation should be used. I'm guessing outbound traffic will appear from whatever IP is currently in the state table.

CreatePlease login to create content