I'm trying to configure DMZ on my Active-Active PIX units; when piblishing my web server on the first context things work fine and the web becomes accessible using the published IP.. but when I try to apply the same static command on the second context (using the same IP I used on the other context) the PIX refuses publishing the web and a static overlap error message appears. If I publish the web server on this context using a different public IP, the web becomes totally unaccessible neither using the old IP nor using the second one.
Can somebody assist how should I deal with this problem? I need to be able to configure the same command on both contexts and using one public IP?
Command statements for the static command cannot contain overlapping IP addresses. When IP addresses are overlapped, PIX Firewall experiences service denials without sending denial statements to syslog. [CSCdp22217] In this caveat report, an FTP session was attempted but was denied without a denial message sent to syslog.
For example, the following command statements do not work:
In this example, the nat 0 command statement enables the identity feature so that any host on the 10.0.0.0 network can start connections to a lower security level interface. The first static command statement lets all hosts on the inside 10.0.0.0 network be visible on the outside network. The second static statement attempts to use a subset of the 10.0.0.0 address range on another interface. Because 10.64.0.0 is a part of the 10.0.0.0 range of addresses, the addresses overlap.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :