02-06-2009 12:48 AM - edited 03-11-2019 07:47 AM
Hi,
I have a Cisco ASA 5520 and have just added a NAT:
static (inside,DMZ2_Regional) 192.168.21.1 192.168.21.11 netmask 255.255.255.255
Then applied to get this message:
OK] no static (inside,outside) x.x.x.83 192.168.60.11 netmask 255.255.255.255
[OK] no static (inside,outside) 172.30.0.0 access-list policy-nat
[OK] no static (inside,outside) x.x.x.88 192.168.21.30 netmask 255.255.255.255
[OK] no static (inside,DMZ1_Tel_Servers) 192.168.70.11 192.168.70.11 netmask 255.255.255.255
[OK] no static (inside,DMZ1_Tel_Servers) 192.168.20.11 192.168.20.11 netmask 255.255.255.255
[OK] no static (inside,DMZ2_Regional_Network) 192.168.21.14 192.168.21.14 netmask 255.255.255.255
[OK] no static (inside,DMZ1_Tel_Servers) 192.168.21.14 192.168.21.14 netmask 255.255.255.255
[OK] no static (inside,DMZ4_pda) interface 192.168.21.1 netmask 255.255.255.255
[OK] no static (inside,DMZ4_pda) 128.101.10.66 128.101.10.66 netmask 255.255.255.255
[OK] static (inside,DMZ2_Regional_Network) 192.168.21.1 192.168.21.11 netmask 255.255.255.255 tcp 0 0 udp 0
[OK] static (inside,DMZ4_pda) 128.101.10.66 128.101.10.66 netmask 255.255.255.255 tcp 0 0 udp 0
[WARNING] static (inside,DMZ4_pda) interface 192.168.21.1 netmask 255.255.255.255 tcp 0 0 udp 0
static redirecting all traffics at DMZ4_pda interface;
WARNING: all services terminating at DMZ4_pda interface are disabled.
[OK] static (inside,DMZ1_Tel_Servers) 192.168.21.14 192.168.21.14 netmask 255.255.255.255 tcp 0 0 udp 0
[OK] static (inside,DMZ2_Regional_Network) 192.168.21.14 192.168.21.14 netmask 255.255.255.255 tcp 0 0 udp 0
[OK] static (inside,DMZ1_Tel_Servers) 192.168.20.11 192.168.20.11 netmask 255.255.255.255 tcp 0 0 udp 0
[OK] static (inside,DMZ1_Tel_Servers) 192.168.70.11 192.168.70.11 netmask 255.255.255.255 tcp 0 0 udp 0
[OK] static (inside,outside) x.x.x.88 192.168.21.30 netmask 255.255.255.255 tcp 0 0 udp 0
[WARNING] static (inside,outside) 172.30.0.0 access-list policy-nat tcp 0 0 udp 0
real-address conflict with existing static
UDP inside:SVR06/9996 to outside:x.x.x.66/9996 netmask 255.255.255.255
[OK] static (inside,outside) x.x.x.83 192.168.60.11 netmask 255.255.255.255 tcp 0 0 udp 0
Basically what I need to do is make this DMZ 2 which is a regional LAN (lease line with router etc) translate any traffic going from them to 192.168.21.1 (Old DHCP server) to now 192.168.21.11 (New DHCP server).
We don't have access to their router to change their DHCP helper settings to now point to 192.168.21.11 so I thought a NAT could do it?
02-06-2009 05:36 AM
is there any address overlap on ACL ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide