Cisco Support Community

6.3(3) -> 7.0(2) Upgrade: "Error: duplicate of existing static"

Hello,

I am struggling to understand a way around a problem that has arisen since I upgraded my 515e failover pair to v7.0(2).

We used to NAT 2 different IP addresses through the PIX to the same internal IP address using the following commands:

static (inside,outside) 195.195.195.11 192.168.0.13 netmask 255.255.255.255 0 0

static (inside,outside) 195.195.195.10 192.168.0.13 netmask 255.255.255.255 0 0

However, since the upgrade, the new version of the PIX software doesn't "allow" this kind of configuration, which, from the reading that I have done since, I can understand.

My question is, is there a way around this problem? Because although we can rationalise the 2 external IPs pointing to one internal IP by merging the 2 external IPs into one, we are experiencing the same problem with VPN traffic that used to work with the following command:

static (inside,outside) 192.168.0.13 192.168.0.13 netmask 255.255.255.255 0 0

The new version does not allow these two commands to exist on the PIX without giving the referring error:

static (inside,outside) 195.195.195.10 192.168.0.13 netmask 255.255.255.255 0 0

static (inside,outside) 192.168.0.13 192.168.0.13 netmask 255.255.255.255 0 0

Your assistance is appreciated.

- Edward

  • Other Security Subjects
1 REPLY

Re: 6.3(3) -> 7.0(2) Upgrade: "Error: duplicate of existing stat

Hi,

I finally managed to figure this out, with a little help from a friend, by implementing policy NAT. Solution was similar to this:

access-list acl_any_server01 extended permit ip host 192.168.0.13 any

access-list acl_vpn_server01 extended permit ip host 192.168.0.13 10.0.0.0 255.255.0.0

access-list acl_vpn_server01 extended permit ip host 192.168.0.13 172.20.0.0 255.255.0.0

static (inside,outside) 192.168.0.13 access-list acl_vpn_server01

static (inside,outside) 195.195.195.10 access-list acl_any_server01

- Edward
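
An added example, not part of either post: a pre-upgrade check that lists plain static commands translating the same real address on the same interface pair, the pattern the thread reports 7.0(2) rejecting. The duplicate rule is inferred from the thread's commands only; the function name and sample variables are hypothetical, and the samples are built from the lines quoted above.

```python
import re
from collections import defaultdict

# Plain (non-policy) static in the form used in the thread:
#   static (real_if,mapped_if) <mapped_ip> <real_ip> [netmask <mask>] ...
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
STATIC_RE = re.compile(
    r"^static\s+\((?P<real_if>[^,\s]+),(?P<mapped_if>[^)\s]+)\)\s+"
    rf"(?P<mapped>{IP})\s+(?P<real>{IP})"
    rf"(?:\s+netmask\s+(?P<mask>{IP}))?"
)

# Constructed samples: the 6.3 statics from the question, then the policy NAT
# form from the reply.
SAMPLE_BEFORE = """\
static (inside,outside) 195.195.195.11 192.168.0.13 netmask 255.255.255.255 0 0
static (inside,outside) 195.195.195.10 192.168.0.13 netmask 255.255.255.255 0 0
static (inside,outside) 192.168.0.13 192.168.0.13 netmask 255.255.255.255 0 0
"""
SAMPLE_AFTER = """\
access-list acl_any_server01 extended permit ip host 192.168.0.13 any
access-list acl_vpn_server01 extended permit ip host 192.168.0.13 10.0.0.0 255.255.0.0
access-list acl_vpn_server01 extended permit ip host 192.168.0.13 172.20.0.0 255.255.0.0
static (inside,outside) 192.168.0.13 access-list acl_vpn_server01
static (inside,outside) 195.195.195.10 access-list acl_any_server01
"""


def find_duplicate_statics(config_text):
    """Map (real_if, mapped_if, real_ip, mask) -> list of mapped IPs for every
    real address that more than one plain static translates."""
    groups = defaultdict(list)
    for line in config_text.splitlines():
        m = STATIC_RE.match(line.strip())
        if not m:
            continue  # policy statics ("... access-list NAME") and other lines
        # mask is kept as written; it is None when the line has no netmask
        key = (m["real_if"], m["mapped_if"], m["real"], m["mask"])
        groups[key].append(m["mapped"])
    return {k: v for k, v in groups.items() if len(v) > 1}


if __name__ == "__main__":
    for name, cfg in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        for (rif, mif, real, mask), mapped in find_duplicate_statics(cfg).items():
            print(f"{name}: ({rif},{mif}) real {real} mapped by {', '.join(mapped)}")
```

Statics flagged here are candidates for conversion to policy NAT before the upgrade; the access lists that replace them should be reviewed so the outside exposure of the host stays what was intended.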
