Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
447
Views
0
Helpful
6
Replies

Problems with static

sysmgr3sysmgr3
Level 1
Level 1

‎10-14-2005 07:08 AM - edited ‎03-09-2019 12:43 PM

Hi,

I'm trying to add a static nat to redirect an dmz ip to an inside ip on port 3389. But when I enter the line I get this error.

WARNING: real-address conflict with existing static

What can I do?

Thanks.

Here's a part of my cfg:

All IP's are fictionnal but they represent the right class and range.

global (outside) 1 interface

nat (inside) 0 access-list no-nat-vpn

nat (inside) 1 0.0.0.0 0.0.0.0

static (inside,DMZ) 10.0.0.0 10.0.0.0 netmask 255.0.0.0

static (proxy,outside) 210.119.80.0 210.119.80.0 netmask 255.255.255.128

static (inside,DMZ) 192.168.0.0 192.168.0.0 netmask 255.255.0.0

static (inside,DMZ) 172.16.0.0 172.16.0.0 netmask 255.248.0.0

static (inside,DMZ) 210.119.82.0 210.119.82.0 netmask 255.255.255.0

static (inside,proxy) 192.168.0.0 192.168.0.0 netmask 255.255.0.0

static (inside,proxy) 172.16.0.0 172.16.0.0 netmask 255.248.0.0

static (inside,proxy) 10.0.0.0 10.0.0.0 netmask 255.0.0.0

static (inside,proxy) 210.119.82.0 210.119.82.0 netmask 255.255.255.0

static (proxy,DMZ) 210.119.80.0 210.119.80.0 netmask 255.255.255.128

static (inside,outside) 210.119.82.0 210.119.82.0 netmask 255.255.255.0

static (DMZ,outside) 210.119.81.0 210.119.81.0 netmask 255.255.255.0 tcp 0 1000

static (inside,outside) 210.119.80.243 172.18.0.84 netmask 255.255.255.255 tcp 0 1000

static (inside,outside) 210.119.80.244 172.18.0.8 netmask 255.255.255.255 tcp 0 1000

access-group outside_interface_in in interface outside

access-group proxy_interface_in in interface proxy

access-group inside_interface_in in interface inside

access-group DMZ_interface_in in interface DMZ

Chuck

Labels:
0 Helpful
6 Replies 6

jackko
Level 7
Level 7

‎10-14-2005 07:22 AM

just wondering if you may post the static statement you were trying to add.

0 Helpful

arunsing
Level 1
Level 1

‎10-14-2005 08:55 AM

what is the static statement that you are entering.

0 Helpful

sysmgr3sysmgr3
Level 1
Level 1

‎10-14-2005 09:27 AM

Here is the line I'm trying to add

static (inside,DMZ) tcp 210.119.81.219 3389 172.18.0.8 3389

0 Helpful

prchauha
Cisco Employee
Cisco Employee
In response to sysmgr3sysmgr3

‎10-14-2005 04:28 PM

The message "WARNING: real-address conflict with existing static" is comming because of the below self static

static (inside,DMZ) 172.16.0.0 172.16.0.0 netmask 255.248.0.0

Subnet: 172.16.0.0

Netmask: 255.248.0.0

Host Range: 172.16.0.1 to 172.23.255.254

The above self static already cover's the IP being used in the following Port redirection:

static (inside,DMZ) tcp 210.119.81.219 3389 172.18.0.8 3389

Public IP: 210.119.81.21

Private IP: 172.18.0.8

Port: 3389

Protocol: TCP

The IP 172.18.0.8 is already covered within Host Range: 172.16.0.1 to 172.23.255.254

Now i guess you should be able to fix it...!!!

Cheers...

Prashant Chauhan.

0 Helpful

jackko
Level 7
Level 7
In response to prchauha

‎10-15-2005 12:38 AM

hi prashant,

just wondering how would you resolve the issue as a cisco specialist.

0 Helpful

itchampnz
Level 1
Level 1
In response to jackko

‎10-15-2005 02:39 AM

Hi, don't know if it is actually documented as how it works, but I had a simlar situation, and I found the static entries were applied in a top down fashion whereby the first match was used.

With that in mind, you could (during an outage window) delete the statics, then reapply with the new one entered before the existing one..........

0 Helpful
Customers Also Viewed These Support Documents