https://community.cisco.com/t5/network-security/static-vs-route/m-p/2071810#M402495 <HTML><HEAD></HEAD><BODY><P style="border-collapse: collapse; font-size: 0.8889em; list-style: none; padding: 0px 0px 18px; color: #777777; font-family: Arial, verdana, sans-serif;"> WARNING: mapped-address conflict with existing static</P><DIV style="border-collapse: collapse; list-style: none; margin: 0px 0px 20px; padding: 2px; overflow: visible; position: relative; zoom: 1; width: 575.183349609375px;"><P style="border-collapse: collapse; list-style: none;">&nbsp; TCP ISP2:0.0.0.0/80 to inside:0.0.0.0/80 netmask 0.0.0.0</P><P style="border-collapse: collapse; list-style: none;">ERROR: unable to reserve port 80 for static PAT</P><P style="border-collapse: collapse; list-style: none;">ERROR: unable to download policy</P><P></P><P></P><P style="border-collapse: collapse; list-style: none;">this does not seem to work</P><P></P><P></P><P>hmmm </P></DIV></BODY></HTML> Thu, 18 Oct 2012 18:27:46 GMT t805139 2012-10-18T18:27:46Z https://community.cisco.com/t5/network-security/static-vs-route/m-p/2071806#M402491 <P>Good Day, I have a question ,</P><P></P><P>I have a ASA 5505 and 2 isp's and a security plus license, what I am trying to accomplish is the following</P><P></P><P>ISP1 = Default Route</P><P>ISP2 = Special Traffic</P><P></P><P>What I have done is </P><P></P><P>route ISP1 0 0 ( My ISP 1 DFG ) 1</P><P>route ISP2 0 0 ( My ISP 2 DFG) 254</P><P>static (ISP2,inside) tcp 0.0.0.0 80 0.0.0.0 80</P><P>static (ISP2,inside) tcp 0.0.0.0 443 0.0.0.0 443</P><P>sysopt noproxyarp inside</P><P></P><P>Now I do have a web service that I need to go out ISP1 that uses port 80</P><P></P><P>Now to my Question !!!</P><P></P><P>if I add an additional route like</P><P>route ISP1 xxx.xxx.xxx.xxx 255.255.255.255 ( My ISP 1 DFG ) 1</P><P></P><P>Will the ASA follow the route statement or the static statement?</P> Tue, 12 Mar 2019 00:11:20 GMT https://community.cisco.com/t5/network-security/static-vs-route/m-p/2071806#M402491 t805139 2019-03-12T00:11:20Z https://community.cisco.com/t5/network-security/static-vs-route/m-p/2071807#M402492 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>I would say it will follow the static nat statement,</P><P></P><P>What you could do is to configure a static nat statement for that web-server on the ISP1 and put it on the top of the hierarchy of NAT statements,</P><P></P><P>Regards,</P></BODY></HTML> Thu, 18 Oct 2012 16:59:26 GMT https://community.cisco.com/t5/network-security/static-vs-route/m-p/2071807#M402492 Julio Carvajal 2012-10-18T16:59:26Z https://community.cisco.com/t5/network-security/static-vs-route/m-p/2071808#M402493 <HTML><HEAD></HEAD><BODY><P>I just though about that so it would look like this</P><P></P><P>static (ISP1,inside) tcp 0.0.0.0 80 xxx.xxx.xxx.xxx8 80</P><P>static (ISP1,inside) tcp 0.0.0.0 443 xxx.xxx.xxx.xxx 443</P><P>static (ISP1,inside) tcp 0.0.0.0 80 yyy.yyy.yyy.yyy 80</P><P>static (ISP1,inside) tcp 0.0.0.0 443 yyy.yyy.yyy.yyy 443</P><P>static (ISP2,inside) tcp 0.0.0.0 80 0.0.0.0 80</P><P>static (ISP2,inside) tcp 0.0.0.0 443 0.0.0.0 443</P><P>sysopt noproxyarp inside</P><P></P><P></P><P>xxx.xxx.xxx.xxx and yyy.yyy.yyy.yyy are the 2 web pages I need going out ISP1</P></BODY></HTML> Thu, 18 Oct 2012 17:01:47 GMT https://community.cisco.com/t5/network-security/static-vs-route/m-p/2071808#M402493 t805139 2012-10-18T17:01:47Z https://community.cisco.com/t5/network-security/static-vs-route/m-p/2071809#M402494 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Well why dont you be more specific, on the ISP1 nat you should use the especific IP addresses instead of 0.0.0.0</P><P></P><P>Regards,</P></BODY></HTML> Thu, 18 Oct 2012 17:03:09 GMT https://community.cisco.com/t5/network-security/static-vs-route/m-p/2071809#M402494 Julio Carvajal 2012-10-18T17:03:09Z https://community.cisco.com/t5/network-security/static-vs-route/m-p/2071810#M402495 <HTML><HEAD></HEAD><BODY><P style="border-collapse: collapse; font-size: 0.8889em; list-style: none; padding: 0px 0px 18px; color: #777777; font-family: Arial, verdana, sans-serif;"> WARNING: mapped-address conflict with existing static</P><DIV style="border-collapse: collapse; list-style: none; margin: 0px 0px 20px; padding: 2px; overflow: visible; position: relative; zoom: 1; width: 575.183349609375px;"><P style="border-collapse: collapse; list-style: none;">&nbsp; TCP ISP2:0.0.0.0/80 to inside:0.0.0.0/80 netmask 0.0.0.0</P><P style="border-collapse: collapse; list-style: none;">ERROR: unable to reserve port 80 for static PAT</P><P style="border-collapse: collapse; list-style: none;">ERROR: unable to download policy</P><P></P><P></P><P style="border-collapse: collapse; list-style: none;">this does not seem to work</P><P></P><P></P><P>hmmm </P></DIV></BODY></HTML> Thu, 18 Oct 2012 18:27:46 GMT https://community.cisco.com/t5/network-security/static-vs-route/m-p/2071810#M402495 t805139 2012-10-18T18:27:46Z https://community.cisco.com/t5/network-security/static-vs-route/m-p/2071811#M402496 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Share the updated config</P></BODY></HTML> Thu, 18 Oct 2012 18:35:57 GMT https://community.cisco.com/t5/network-security/static-vs-route/m-p/2071811#M402496 Julio Carvajal 2012-10-18T18:35:57Z https://community.cisco.com/t5/network-security/static-vs-route/m-p/2071812#M402497 <HTML><HEAD></HEAD><BODY><P>static (ISP2,inside) tcp 0.0.0.0 www 0.0.0.0 www netmask 0.0.0.0</P><P>static (ISP2,inside) tcp 0.0.0.0 https 0.0.0.0 https netmask 0.0.0.0</P><P></P><P>and as soon as i try the more specifuic nat i says it has need reserved</P></BODY></HTML> Thu, 18 Oct 2012 18:38:51 GMT https://community.cisco.com/t5/network-security/static-vs-route/m-p/2071812#M402497 t805139 2012-10-18T18:38:51Z https://community.cisco.com/t5/network-security/static-vs-route/m-p/2071813#M402498 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Correct,</P><P></P><P>Because you need to remove the previous ones first,</P><P></P><P>Now on the more specific ones use specific IP's </P><P></P><P>So it will be </P><P>no static (ISP2,inside) tcp 0.0.0.0 www 0.0.0.0 www netmask 0.0.0.0</P><P>no static (ISP2,inside) tcp 0.0.0.0 https 0.0.0.0 https netmask 0.0.0.0</P><P>static(ISP1,INSIDE) TCP 4.2.2.2 80 XX.X.X 80</P><P>static (ISP2,inside) tcp 0.0.0.0 https 0.0.0.0 https netmask 0.0.0.0</P><P>static (ISP2,inside) tcp 0.0.0.0 www 0.0.0.0 www netmask 0.0.0.0</P></BODY></HTML> Thu, 18 Oct 2012 18:46:30 GMT https://community.cisco.com/t5/network-security/static-vs-route/m-p/2071813#M402498 Julio Carvajal 2012-10-18T18:46:30Z