Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

WARNING: real-address conflict with existing static

hello all.  In my DMZ environment I usually use 1-1 static nats.  I currently have a need to PAT one of my DMZ boxes so that outside users connect into port 443 but translates into 8080.  I did the following which in my mind would mean if traffic comes in on 443 it will get translated to 8080 but anything else it just comes on through as it's original dest port as long as there is an ACL for it.  However I got the warning message in the title so I wanted to ask the community what possible side-effects there could be. 

static (dmz,outside) tcp 4.4.4.4 https 172.18.13.95 8080 netmask 255.255.255.255

static (dmz,outside)  4.4.4.4 172.18.13.95 netmask 255.255.255.255

WARNING: real-address conflict with existing static 

mapped-address conflict with existing static

 

Everyone's tags (1)
1 ACCEPTED SOLUTION

Accepted Solutions
VIP Green

Without having seen your full

Without having seen your full configuration including NAT, I would say that there is another static NAT statement that matches the IPs and ports of the NAT statement you are trying to add.

As for the consiquences of having both, If the other statement maps the translation between different interfaces and it is located higher on the NAT list, ie. it will be matched first, then you could get an incorrect result in your translation.

--

Please remember to select a correct answer and rate helpful posts

--

Please remember to rate and select a correct answer
2 REPLIES

Hi, I believe there shouldn't

Hi,

 

I believe there shouldn't be any problem. This is just a warning message for a the overlapping NAT rule in place....

 

Regards

Karthik

VIP Green

Without having seen your full

Without having seen your full configuration including NAT, I would say that there is another static NAT statement that matches the IPs and ports of the NAT statement you are trying to add.

As for the consiquences of having both, If the other statement maps the translation between different interfaces and it is located higher on the NAT list, ie. it will be matched first, then you could get an incorrect result in your translation.

--

Please remember to select a correct answer and rate helpful posts

--

Please remember to rate and select a correct answer
260
Views
0
Helpful
2
Replies
CreatePlease to create content