Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.


ASA5520 (Global address overlaps??)

Dear all,

We have T1 internet with /29 public ip address, and one machine need to do static mapping, someone can access in from outside...

I got some message after I apply static (inside,outside)..

INFO: Global address overlaps with NAT exempt configuration

I am not sure this is error or not, it is because I could not ping the public ip address from outside.... the machine inside can surf internet...

Here is the config:

name 72.x.x.5 Register1




interface GigabitEthernet0/0

nameif outside

security-level 0

ip address 72.x.x.2


interface GigabitEthernet0/1

nameif inside

security-level 100

ip address


interface GigabitEthernet0/2


no nameif

no security-level

no ip address


interface GigabitEthernet0/3


no nameif

no security-level

no ip address


interface Management0/0

nameif management

security-level 100

ip address



passwd xyxyxyxyx encrypted

boot system disk0:/asa721-k8.bin

boot system disk0:/asa704-k8.bin

ftp mode passive

dns server-group DefaultDNS


access-list inside_access_in extended permit udp any any eq domain

access-list inside_access_in extended permit ip any any

access-list inside_access_in extended permit icmp any any

access-list inside_nat0_outbound extended permit ip any 255.25

access-list outside_access_in extended permit icmp any any echo-reply

access-list outside_access_in extended permit tcp any host Register1

access-list outside_access_in extended permit udp any host Register1

access-list company_splitTunnelAcl standard permit any

access-list outside_cryptomap_dyn_20 extended permit ip any 25


access-list splittunnel standard permit

access-list splittunnel standard permit

access-list splittunnel standard permit

access-list splittunnel standard permit

pager lines 24

logging enable

logging asdm informational

mtu outside 1500

mtu inside 1500

mtu management 1500

ip local pool CompanyVPN2 mask

no failover

asdm image disk0:/asdm521.bin

no asdm history enable

arp timeout 14400

global (outside) 100 72.x.x.3 netmask

nat (inside) 0 access-list inside_nat0_outbound

nat (inside) 100 dns

nat (inside) 100 dns

static (inside,outside) Register1 netmask

access-group outside_access_in in interface outside

access-group inside_access_in in interface inside

route outside CompanyDIA 1

route inside 1

route inside 1

According the config, the inside machine ( map to 75.x.x.5), so I should able to ping 75.x.x.5. However, I couldnt ping 75.x.x.5.

Thanks a lot!!!


Re: ASA5520 (Global address overlaps??)

Dont worry, fixed it..

Just need to add access-list with icmp traffic.