Cisco Support Community
Community Member

pix 6.3.5 two static nat

In 6.3.4 I had two static NATs on the same local IP address:

static (dmz,outside) 111.111.111.111 10.20.20.6 netmask 255.255.255.255 0 0

static (dmz,outside) 222.222.222.222 10.20.20.6 netmask 255.255.255.255 0 0

I upgraded the PIX to 6.3.5, and the second NAT was removed and now I'm not able to add it again; the error message is "duplicate entry..."

How can I resolve this problem?

3 REPLIES
Community Member

Re: pix 6.3.5 two static nat

The same IP address cannot be mapped to two different IPs on the same interface.

6.3.4 took the command. Guess there is a bug in that code. But it does not work properly in that code. It kind of confuses the PIX on the translation.

The error message which you are getting is right because the PIX is not supposed to take the second static for the same IP.

Gold

Re: pix 6.3.5 two static nat

Imagine a packet originating from 10.20.20.6 and destined for the internet. Now, the PIX will look up the static statement and will not be able to determine which one should be used.

Just wondering what sort of service the server is running. Maybe the workaround is to configure port forwarding.

E.g.

static (dmz,outside) tcp 1.1.1.1 80 10.20.20.6 80 netmask 255.255.255.255

static (dmz,outside) tcp 2.2.2.2 25 10.20.20.6 25 netmask 255.255.255.255

With the sample above, the internet service is running on 1.1.1.1, whereas the email service is running on 2.2.2.2.
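
An added example, not part of the original thread and not Cisco tooling: a Python check that scans a configuration for `static` statements translating the same local traffic to different global addresses, the ambiguity described in the replies above. The overlap rule in `overlaps` is this example's assumption, and both sample configurations are constructed from the lines quoted in the thread.

```python
import re
from itertools import combinations

# Constructed samples: the statics from the question, and the port-forwarding workaround.
QUESTION_CONFIG = """\
static (dmz,outside) 111.111.111.111 10.20.20.6 netmask 255.255.255.255 0 0
static (dmz,outside) 222.222.222.222 10.20.20.6 netmask 255.255.255.255 0 0
"""
WORKAROUND_CONFIG = """\
static (dmz,outside) tcp 1.1.1.1 80 10.20.20.6 80 netmask 255.255.255.255
static (dmz,outside) tcp 2.2.2.2 25 10.20.20.6 25 netmask 255.255.255.255
"""

# Matches both forms: "static (a,b) tcp|udp gip gport lip lport" and "static (a,b) gip lip".
STATIC_RE = re.compile(
    r"^static\s+\(([^,\s]+),([^)\s]+)\)\s+"
    r"(?:(tcp|udp)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)|(\S+)\s+(\S+))")

def parse_statics(config):
    """Return one dict per static statement found in the config text."""
    entries = []
    for lineno, line in enumerate(config.splitlines(), 1):
        m = STATIC_RE.match(line.strip())
        if not m:
            continue
        real_if, mapped_if, proto, g_ip, _g_port, l_ip, l_port, g_ip1, l_ip1 = m.groups()
        entries.append({
            "line": lineno,
            "ifs": (real_if, mapped_if),
            "global_ip": g_ip or g_ip1,
            "local_ip": l_ip or l_ip1,
            # None means a one-to-one static covering every protocol and port.
            "service": (proto, l_port) if proto else None,
        })
    return entries

def overlaps(a, b):
    """Assumed rule: same interface pair, same local IP, and overlapping service."""
    if a["ifs"] != b["ifs"] or a["local_ip"] != b["local_ip"]:
        return False
    return a["service"] is None or b["service"] is None or a["service"] == b["service"]

def find_conflicts(config):
    """Line-number pairs whose statics map the same local traffic to different global IPs."""
    entries = parse_statics(config)
    return [(a["line"], b["line"]) for a, b in combinations(entries, 2)
            if overlaps(a, b) and a["global_ip"] != b["global_ip"]]

if __name__ == "__main__":
    for name, cfg in (("question", QUESTION_CONFIG), ("workaround", WORKAROUND_CONFIG)):
        print(name, find_conflicts(cfg))
```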

Community Member

Re: pix 6.3.5 two static nat

Why don't you just give the DMZ server a secondary internal IP address? That is pretty easy whether the server is Windows or NIX based.
