Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

pix 6.3.5 two static nat

in 6.3.4 i had 2 statics nat on the same local ip address:

static (dmz,outside) netmask 0 0

static (dmz,outside) netmask 0 0

i upgrade the pix with 6.3.5, and the second nat was remove and now i'm not able to add it again, the error message is "duplicate entry..."

how to resolve this problem?

Community Member

Re: pix 6.3.5 two static nat

The same ip address cannot be mapped to two different ips on same interface.

6.3.4 took the command. Guess there is a bug in that code. But it does not work properly in that code. It kind of confuses the pix on the translation.

The error message which you are getting is right because the pix is not supposed to take the second static for the same ip.


Re: pix 6.3.5 two static nat

imagine a packet orginated from and destined for the internet. now, pix will lookup the static statement and the pix will not be able to determine which one should be used.

just wondering what sort of service is the server running. maybe the workaround is to configure port forwarding.


static (dmz,outside) tcp 80 80 netmask

static (dmz,outside) tcp 25 25 netmask

with the sample above, internet service is running with; whereas email service is running with

Community Member

Re: pix 6.3.5 two static nat

Why don't you just give the dmz server a secondary internalIP address. That is pretty easy whether the server is Windows or NIX based.

CreatePlease to create content