Cisco Support Community
New Member

same host multiple NATs

concentrator 3030...I have a local host that needs to access multiple L2L tunnels with different NAT requirements:


I currently have this NAT configured...

source 10.1.1.1/32     static NAT 134.x.x.x/32     destination ANY

I need to configure this NAT...

source 10.1.1.1/32     static NAT 10.99.17.x/32     destination 32.x.x.x/32

Is this possible? I have tried and I get "Source and remote network address conflict with an existing rule. Either source or remote network address must be changed". Is the conflict due to the destination ANY of the pre-existing rule? I thought that since the destination of the rule I need to add is more specific that this should work.

Thanks for your help,  Anne

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: same host multiple NATs

Hi Anne,

Yes, the conflict error that we see is due to the destination ANY of the pre-existing rule. Ideally we need to have more specific static statements in the static rules to have multiple NAT for same source. So I would suggest we find out the remote network list for which we need the 1st translation (134.x.x.x/32), and apply the static rule (might need more than 1 static rule if multiple remote subnets are the case), and similarly one more for the new static we are looking for (for the destination 32.x.x.x/32).

Now on some of the other security appliances, we can have a workaround to our scenario, but I'm not sure if the software version running on your concentrator would support this.

Try to remove the static rule for any (1st statement) and then apply the new rule first (to 32.x.x.x/32). After this apply the original static rule (destination to any). The idea is to have more specific static rule first, and then the general (any) static rule for the rest of the destinations. I suggest you try this in a maintenance window to avoid any impact on users.

Let me know if this helps...

Cheers,


Rudresh V

4 REPLIES
New Member

Re: same host multiple NATs

Thanks for your reply; this is what I suspected.  I appreciate the confirmation.

Thanks,  Anne

Cisco Employee

Re: same host multiple NATs

Hi Anne,

Can you please mark this discussion answered if you have no other queries.

Good Day,

Rudresh V

Cisco Employee

Re: same host multiple NATs

It will say that because you have a generic rule at the top

try the following

remove the generic existing rule

enter the more specific, new rule first

then add the generic old rule

see if this helps
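
The ordering advice in the replies above (specific rule first, generic rule last), modelled as an added example that is not part of the original thread and not Cisco code. It assumes a rule list evaluated top-down with the first match winning; the thread masks its real addresses, so constructed documentation addresses stand in for 134.x.x.x, 10.99.17.x and 32.x.x.x, and the function names are hypothetical.

```python
import ipaddress

# Constructed rules. Only the source 10.1.1.1/32 is taken from the thread;
# every other address is a documentation-range stand-in.
GENERIC = {"src": "10.1.1.1/32", "nat": "192.0.2.10", "dst": "0.0.0.0/0"}
SPECIFIC = {"src": "10.1.1.1/32", "nat": "198.51.100.17", "dst": "203.0.113.7/32"}


def _net(value):
    return ipaddress.ip_network(value)


def translate(rules, src, dst):
    """Return the NAT address of the first rule matching (src, dst), else None."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for rule in rules:
        if s in _net(rule["src"]) and d in _net(rule["dst"]):
            return rule["nat"]
    return None


def shadowed(rules):
    """Return (rule_index, earlier_index) pairs for rules that can never match
    because an earlier rule already covers their whole source and destination."""
    found = []
    for i, rule in enumerate(rules):
        for j, earlier in enumerate(rules[:i]):
            if (_net(rule["src"]).subnet_of(_net(earlier["src"]))
                    and _net(rule["dst"]).subnet_of(_net(earlier["dst"]))):
                found.append((i, j))
                break
    return found


if __name__ == "__main__":
    for name, order in (("generic first", [GENERIC, SPECIFIC]),
                        ("specific first", [SPECIFIC, GENERIC])):
        print(name)
        print("  to partner 203.0.113.7 ->", translate(order, "10.1.1.1", "203.0.113.7"))
        print("  to anything else       ->", translate(order, "10.1.1.1", "192.0.2.200"))
        print("  shadowed rules         ->", shadowed(order))
```

With the generic rule first, the partner-specific translation is never reached and `shadowed` flags it; with the specific rule first, both translations are reachable.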
