
need to have two static addresses to a single internal IP address

Tshi M

I currently have an internal IP address that is NATTED to an external IP. However, we are now setting up a L2L but that same internal IP now needs to be NATTED to the L2L VPN. I get the following error:

INFO: overlap with existing static

inside:WEBMAIL to outside:208.116.x.x netmask 255.255.255.255


vitripat

You may be able to use policy-nat here. From the current scenario, I think you have the following static command in the network:

static (inside,outside) 208.116.x.x WEBMAIL

Now, let's assume that the remote end network of the L2L tunnel is 192.168.1.0/24, and you need to map the WEBMAIL server as 192.168.2.10 to the remote end L2L network. The following commands might help:

access-list pol1 permit ip host WEBMAIL 192.168.1.0 255.255.255.0

static (inside,outside) 192.168.2.10 access-list pol1

I hope this helps.

Regards,

Vibhor.

That is what I actually tried...

What code are you running? Policy-nat was introduced in 6.3(2) code.

Regards,

Vibhor.

I already have policy nat running for other site to site vpn. I am running version 7.2(2)

Cool .. could you paste the command you entered when you received the error, along with the existing commands on the PIX?

static (inside,outside) 208.116.x.x WEBMAIL netmask 255.255.255.255

Now for the site to site VPN with ZANTAZ, we need to NAT WEBMAIL to 172.30.59.91. In order to do this, I tried to use policy-nat (see below)

access-list ZANTAZ_VPN4 extended permit ip host WEBMAIL object-group ZANTAZ

static (inside,outside) 172.30.59.94 access-list ZANTAZ_VPN4

ERROR that I am getting:

INFO: overlap with existing static

inside:WEBMAIL to outside:208.116.x.x netmask 255.255.255.255

Sorry, typo:

static (inside,outside) 172.30.59.91 access-list ZANTAZ_VPN4

Ok .. well, that's not actually an "error" you are getting. It's an "INFO", which is just to inform you that you already have a static translation for the host WEBMAIL. If you check your current static rules, you'll see both static commands in there and they would work as they are expected to:

show run static

It's just an informational message and you may ignore it.

Hope that helps.

Regards,

Vibhor.

You were right that it is only info. However, it does not show when I do show run static but only shows up in the show tech. So, I went and tried but it did not work. I will give it another try... I will clear the nat table and try again...

Well, I got it to work. The trick was to move the static going along with policy-nat ahead of the other static.

static (inside,outside) 172.30.59.91 access-list ZANTAZ_VPN1

static (inside,outside) 208.116.x.x WEBMAIL netmask 255.255.255.255
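
As an added example (not part of the thread and not Cisco code), this Python check flags the ordering the original poster reports fixing in the last post: a policy-NAT `static` listed below a plain `static` for the same real host. It assumes only the `static` and `access-list ... permit ip host` forms quoted in the thread; the function name and the sample strings are constructed here.

```python
import re

# Constructed sample in PIX/ASA 7.x syntax, reusing the names from the thread.
ACL = "access-list ZANTAZ_VPN4 extended permit ip host WEBMAIL object-group ZANTAZ"
PLAIN = "static (inside,outside) 208.116.x.x WEBMAIL netmask 255.255.255.255"
POLICY = "static (inside,outside) 172.30.59.91 access-list ZANTAZ_VPN4"
SAMPLE_BEFORE = "\n".join([ACL, PLAIN, POLICY])   # order that failed in the thread
SAMPLE_AFTER = "\n".join([ACL, POLICY, PLAIN])    # order that worked

# Host statics only; port-redirect statics (tcp/udp) are skipped.
STATIC_RE = re.compile(
    r"^static \((\S+),(\S+)\) (?!tcp |udp )\S+ (?:access-list (\S+)|(\S+))")
ACL_RE = re.compile(r"^access-list (\S+) (?:extended )?permit ip host (\S+)")

def shadowed_policy_statics(config):
    """Return (policy_line, plain_line) pairs where a policy static sits below
    a plain static for the same real host and interface pair."""
    lines = [l.strip() for l in config.splitlines()]
    # Pass 1: map each ACL name to the source hosts it permits.
    acl_hosts = {}
    for line in lines:
        m = ACL_RE.match(line)
        if m:
            acl_hosts.setdefault(m.group(1), set()).add(m.group(2))
    # Pass 2: walk statics in configured order.
    plain_seen, findings = {}, []
    for line in lines:
        m = STATIC_RE.match(line)
        if not m:
            continue
        real_if, mapped_if, acl, host = m.groups()
        if acl is None:
            plain_seen.setdefault((real_if, mapped_if, host), line)
            continue
        for h in sorted(acl_hosts.get(acl, ())):
            plain = plain_seen.get((real_if, mapped_if, h))
            if plain:
                findings.append((line, plain))
    return findings

if __name__ == "__main__":
    for policy, plain in shadowed_policy_statics(SAMPLE_BEFORE):
        print(f"move above the plain static: {policy}\n  currently below: {plain}")
```
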
