10-14-2005 07:08 AM - edited 03-09-2019 12:43 PM
Hi,
I'm trying to add a static nat to redirect an dmz ip to an inside ip on port 3389. But when I enter the line I get this error.
WARNING: real-address conflict with existing static
What can I do?
Thanks.
Here's a part of my cfg:
All IP's are fictionnal but they represent the right class and range.
global (outside) 1 interface
nat (inside) 0 access-list no-nat-vpn
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,DMZ) 10.0.0.0 10.0.0.0 netmask 255.0.0.0
static (proxy,outside) 210.119.80.0 210.119.80.0 netmask 255.255.255.128
static (inside,DMZ) 192.168.0.0 192.168.0.0 netmask 255.255.0.0
static (inside,DMZ) 172.16.0.0 172.16.0.0 netmask 255.248.0.0
static (inside,DMZ) 210.119.82.0 210.119.82.0 netmask 255.255.255.0
static (inside,proxy) 192.168.0.0 192.168.0.0 netmask 255.255.0.0
static (inside,proxy) 172.16.0.0 172.16.0.0 netmask 255.248.0.0
static (inside,proxy) 10.0.0.0 10.0.0.0 netmask 255.0.0.0
static (inside,proxy) 210.119.82.0 210.119.82.0 netmask 255.255.255.0
static (proxy,DMZ) 210.119.80.0 210.119.80.0 netmask 255.255.255.128
static (inside,outside) 210.119.82.0 210.119.82.0 netmask 255.255.255.0
static (DMZ,outside) 210.119.81.0 210.119.81.0 netmask 255.255.255.0 tcp 0 1000
static (inside,outside) 210.119.80.243 172.18.0.84 netmask 255.255.255.255 tcp 0 1000
static (inside,outside) 210.119.80.244 172.18.0.8 netmask 255.255.255.255 tcp 0 1000
access-group outside_interface_in in interface outside
access-group proxy_interface_in in interface proxy
access-group inside_interface_in in interface inside
access-group DMZ_interface_in in interface DMZ
Chuck
10-14-2005 07:22 AM
just wondering if you may post the static statement you were trying to add.
10-14-2005 08:55 AM
what is the static statement that you are entering.
10-14-2005 09:27 AM
Here is the line I'm trying to add
static (inside,DMZ) tcp 210.119.81.219 3389 172.18.0.8 3389
10-14-2005 04:28 PM
The message "WARNING: real-address conflict with existing static" is comming because of the below self static
static (inside,DMZ) 172.16.0.0 172.16.0.0 netmask 255.248.0.0
Subnet: 172.16.0.0
Netmask: 255.248.0.0
Host Range: 172.16.0.1 to 172.23.255.254
The above self static already cover's the IP being used in the following Port redirection:
static (inside,DMZ) tcp 210.119.81.219 3389 172.18.0.8 3389
Public IP: 210.119.81.21
Private IP: 172.18.0.8
Port: 3389
Protocol: TCP
The IP 172.18.0.8 is already covered within Host Range: 172.16.0.1 to 172.23.255.254
Now i guess you should be able to fix it...!!!
Cheers...
Prashant Chauhan.
10-15-2005 12:38 AM
hi prashant,
just wondering how would you resolve the issue as a cisco specialist.
10-15-2005 02:39 AM
Hi, don't know if it is actually documented as how it works, but I had a simlar situation, and I found the static entries were applied in a top down fashion whereby the first match was used.
With that in mind, you could (during an outage window) delete the statics, then reapply with the new one entered before the existing one..........
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide