Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
751
Views
0
Helpful
2
Replies

WARNING: real-address conflict with existing static

Go to solution
jmattbullen
Level 1
Level 1

‎08-28-2014 05:16 AM - edited ‎03-11-2019 09:41 PM

hello all.  In my DMZ environment I usually use 1-1 static nats.  I currently have a need to PAT one of my DMZ boxes so that outside users connect into port 443 but translates into 8080.  I did the following which in my mind would mean if traffic comes in on 443 it will get translated to 8080 but anything else it just comes on through as it's original dest port as long as there is an ACL for it.  However I got the warning message in the title so I wanted to ask the community what possible side-effects there could be. 

static (dmz,outside) tcp 4.4.4.4 https 172.18.13.95 8080 netmask 255.255.255.255

static (dmz,outside)  4.4.4.4 172.18.13.95 netmask 255.255.255.255

WARNING: real-address conflict with existing static 

mapped-address conflict with existing static

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marius Gunnerud
VIP
VIP

‎08-28-2014 12:53 PM

Without having seen your full configuration including NAT, I would say that there is another static NAT statement that matches the IPs and ports of the NAT statement you are trying to add.

As for the consiquences of having both, If the other statement maps the translation between different interfaces and it is located higher on the NAT list, ie. it will be matched first, then you could get an incorrect result in your translation.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

0 Helpful
2 Replies 2

Go to solution
nkarthikeyan
Level 7
Level 7

‎08-28-2014 06:08 AM

Hi,

 

I believe there shouldn't be any problem. This is just a warning message for a the overlapping NAT rule in place....

 

Regards

Karthik

0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP

‎08-28-2014 12:53 PM

Without having seen your full configuration including NAT, I would say that there is another static NAT statement that matches the IPs and ports of the NAT statement you are trying to add.

As for the consiquences of having both, If the other statement maps the translation between different interfaces and it is located higher on the NAT list, ie. it will be matched first, then you could get an incorrect result in your translation.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card