Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Problems with static

Hi,

I'm trying to add a static nat to redirect an dmz ip to an inside ip on port 3389. But when I enter the line I get this error.

WARNING: real-address conflict with existing static

What can I do?

Thanks.

Here's a part of my cfg:

All IP's are fictionnal but they represent the right class and range.

global (outside) 1 interface

nat (inside) 0 access-list no-nat-vpn

nat (inside) 1 0.0.0.0 0.0.0.0

static (inside,DMZ) 10.0.0.0 10.0.0.0 netmask 255.0.0.0

static (proxy,outside) 210.119.80.0 210.119.80.0 netmask 255.255.255.128

static (inside,DMZ) 192.168.0.0 192.168.0.0 netmask 255.255.0.0

static (inside,DMZ) 172.16.0.0 172.16.0.0 netmask 255.248.0.0

static (inside,DMZ) 210.119.82.0 210.119.82.0 netmask 255.255.255.0

static (inside,proxy) 192.168.0.0 192.168.0.0 netmask 255.255.0.0

static (inside,proxy) 172.16.0.0 172.16.0.0 netmask 255.248.0.0

static (inside,proxy) 10.0.0.0 10.0.0.0 netmask 255.0.0.0

static (inside,proxy) 210.119.82.0 210.119.82.0 netmask 255.255.255.0

static (proxy,DMZ) 210.119.80.0 210.119.80.0 netmask 255.255.255.128

static (inside,outside) 210.119.82.0 210.119.82.0 netmask 255.255.255.0

static (DMZ,outside) 210.119.81.0 210.119.81.0 netmask 255.255.255.0 tcp 0 1000

static (inside,outside) 210.119.80.243 172.18.0.84 netmask 255.255.255.255 tcp 0 1000

static (inside,outside) 210.119.80.244 172.18.0.8 netmask 255.255.255.255 tcp 0 1000

access-group outside_interface_in in interface outside

access-group proxy_interface_in in interface proxy

access-group inside_interface_in in interface inside

access-group DMZ_interface_in in interface DMZ

Chuck

6 REPLIES
Gold

Re: Problems with static

just wondering if you may post the static statement you were trying to add.

New Member

Re: Problems with static

what is the static statement that you are entering.

New Member

Re: Problems with static

Here is the line I'm trying to add

static (inside,DMZ) tcp 210.119.81.219 3389 172.18.0.8 3389

Cisco Employee

Re: Problems with static

The message "WARNING: real-address conflict with existing static" is comming because of the below self static

static (inside,DMZ) 172.16.0.0 172.16.0.0 netmask 255.248.0.0

Subnet: 172.16.0.0

Netmask: 255.248.0.0

Host Range: 172.16.0.1 to 172.23.255.254

The above self static already cover's the IP being used in the following Port redirection:

static (inside,DMZ) tcp 210.119.81.219 3389 172.18.0.8 3389

Public IP: 210.119.81.21

Private IP: 172.18.0.8

Port: 3389

Protocol: TCP

The IP 172.18.0.8 is already covered within Host Range: 172.16.0.1 to 172.23.255.254

Now i guess you should be able to fix it...!!!

Cheers...

Prashant Chauhan.

Gold

Re: Problems with static

hi prashant,

just wondering how would you resolve the issue as a cisco specialist.

New Member

Re: Problems with static

Hi, don't know if it is actually documented as how it works, but I had a simlar situation, and I found the static entries were applied in a top down fashion whereby the first match was used.

With that in mind, you could (during an outage window) delete the statics, then reapply with the new one entered before the existing one..........

178
Views
0
Helpful
6
Replies