
Bronze

need to have two static addresses to a single internal IP address

I currently have an internal IP address that is NATTED to an external IP. However, we are now setting up a L2L but that same internal IP now needs to be NATTED to the L2L VPN. I get the following error:

INFO: overlap with existing static

inside:WEBMAIL to outside:208.116.x.x netmask 255.255.255.255

10 REPLIES
Silver

Re: need to have two static addresses to a single internal IP ad

You may be able to use policy-nat here. From the current scenario, I think you have the following static command in the network:

static (inside,outside) 208.116.x.x WEBMAIL

Now, let's assume that the remote end network of the L2L tunnel is 192.168.1.0/24, and you need to map the WEBMAIL server as 192.168.2.10 to the remote end L2L network. The following commands might help:

access-list pol1 permit ip host WEBMAIL 192.168.1.0 255.255.255.0

static (inside,outside) 192.168.2.10 access-list pol1

I hope this helps.

Regards,

Vibhor.

Bronze

Re: need to have two static addresses to a single internal IP ad

That is what I actually tried...

Silver

Re: need to have two static addresses to a single internal IP ad

What code are you running? Policy-nat was introduced in 6.3(2) code.

Regards,

Vibhor.

Bronze

Re: need to have two static addresses to a single internal IP ad

I already have policy NAT running for another site-to-site VPN. I am running version 7.2(2).

Silver

Re: need to have two static addresses to a single internal IP ad

Cool. Could you paste the command you entered when you received the error, along with the commands existing on the PIX?

Bronze

Re: need to have two static addresses to a single internal IP ad

static (inside,outside) 208.116.x.x WEBMAIL netmask 255.255.255.255

Now for the site-to-site VPN with ZANTAZ, we need to NAT WEBMAIL to 172.30.59.91. In order to do this, I tried to use policy-nat (see below):

access-list ZANTAZ_VPN4 extended permit ip host WEBMAIL object-group ZANTAZ

static (inside,outside) 172.30.59.94 access-list ZANTAZ_VPN4

Error that I am getting:

INFO: overlap with existing static

inside:WEBMAIL to outside:208.116.x.x netmask 255.255.255.255

Bronze

Re: need to have two static addresses to a single internal IP ad

Sorry, typo:

static (inside,outside) 172.30.59.91 access-list ZANTAZ_VPN4

Silver

Re: need to have two static addresses to a single internal IP ad

OK, well, that's not actually an "error" you are getting. It's an "INFO", which is just to inform you that you already have a static translation for the host WEBMAIL. If you check your current static rules, you'll see both static commands in there, and they should work as expected:

show run static

It's just an informational message and you may ignore it.

Hope that helps.

Regards,

Vibhor.

Bronze

Re: need to have two static addresses to a single internal IP ad

You were right that it is only info. However, it does not show when I do show run static but only shows up in the show tech. So, I went and tried, but it did not work. I will give it another try... I will clear the NAT table and try again...

Bronze

Re: need to have two static addresses to a single internal IP ad

Well, I got it to work. The trick was to move the static going along with policy-nat ahead of the other static.

static (inside,outside) 172.30.59.91 access-list ZANTAZ_VPN1

static (inside,outside) 208.116.x.x WEBMAIL netmask 255.255.255.255
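The ordering that resolved this thread can be checked mechanically. The following is an added example, not part of the original posts or any Cisco tool: a small Python check that flags a policy static configured after a regular static for the same real host and interface pair. The sample configs are constructed (203.0.113.10, VPN_NAT and REMOTE are placeholders), and the parser assumes the ACL source is written as `host <name-or-ip>`, as in the thread.

```python
import re

# Constructed sample configs; 203.0.113.10, VPN_NAT and REMOTE are placeholders.
SAMPLE_BAD = """\
access-list VPN_NAT extended permit ip host WEBMAIL object-group REMOTE
static (inside,outside) 203.0.113.10 WEBMAIL netmask 255.255.255.255
static (inside,outside) 172.30.59.91 access-list VPN_NAT
"""
SAMPLE_GOOD = """\
access-list VPN_NAT extended permit ip host WEBMAIL object-group REMOTE
static (inside,outside) 172.30.59.91 access-list VPN_NAT
static (inside,outside) 203.0.113.10 WEBMAIL netmask 255.255.255.255
"""

# static (real_if,mapped_if) mapped_ip {access-list NAME | real_host ...}
STATIC_RE = re.compile(
    r"^static \(([^,\s]+),([^)\s]+)\) (\S+) (?:access-list (\S+)|(\S+))")
# Only ACL entries whose source is "host X" are handled (simplification).
ACL_RE = re.compile(r"^access-list (\S+) (?:extended )?permit ip host (\S+) ")

def shadowed_policy_statics(config):
    """Return (policy_line, earlier_regular_line) pairs for policy statics
    that follow a regular static for the same real host and interfaces."""
    lines = [l.strip() for l in config.splitlines()]
    acl_hosts = {}
    for line in lines:
        m = ACL_RE.match(line)
        if m:
            acl_hosts.setdefault(m.group(1), set()).add(m.group(2))
    seen_regular = {}   # (real_if, mapped_if, real_host) -> config line
    findings = []
    for line in lines:
        m = STATIC_RE.match(line)
        if not m:
            continue
        real_if, mapped_if, _mapped, acl, real = m.groups()
        if acl is None:
            seen_regular.setdefault((real_if, mapped_if, real), line)
            continue
        for host in sorted(acl_hosts.get(acl, ())):
            earlier = seen_regular.get((real_if, mapped_if, host))
            if earlier:
                findings.append((line, earlier))
    return findings

if __name__ == "__main__":
    for policy, regular in shadowed_policy_statics(SAMPLE_BAD):
        print(f"move ahead of regular static:\n  {policy}\n  (after) {regular}")
```

Hosts are compared as literal strings, so a `name` alias and its IP address are treated as different hosts unless the config is normalised first.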
