Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2499
Views
0
Helpful
8
Replies

Nat Multiple Ports of Email Server on Single public IP ASA 9.2

Go to solution
Ahmad-Maan
Level 1
Level 1

‎02-10-2016 10:09 PM - edited ‎03-12-2019 12:16 AM

I am trying to NAT email server with multiple ports on single Public ip at ASA 5515 9.2 version when i send NAT command to the firewall following error occurred can some one help in this regard.

ERROR: Address X.X.X.X overlaps with OUTSIDE interface address.

ERROR: NAT Policy is not downloaded.

1 person had this problem
Labels:
0 Helpful
3 Accepted Solutions

Accepted Solutions

Go to solution
Marius Gunnerud
VIP
VIP

‎02-10-2016 10:13 PM

Would help if you posted the command you are trying to issue.

But by the looks of the error the public address you are trying to NAT to possibly has a mask that causes it to overlap with the IP of the outside interface.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP
In response to Ahmad-Maan

‎02-11-2016 12:44 AM

Where x.x.x.x is the outside interface IP? you need to specify the ports to translate to. for example

nat (INSIDE,OUTSIDE) static x.x.x.x service tcp smtp smtp

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP
In response to Ahmad-Maan

‎02-11-2016 12:48 AM

Actually try using the interface keyword...that is if x.x.x.x is the same IP as the outside interface.

nat (INSIDE,OUTSIDE) static interface service tcp smtp smtp

remember to add ports to the NAT statement or all traffic will be NATed to the mail server and no other hosts will be able to access internet.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts

View solution in original post

0 Helpful
8 Replies 8

Go to solution
Marius Gunnerud
VIP
VIP

‎02-10-2016 10:13 PM

Would help if you posted the command you are trying to issue.

But by the looks of the error the public address you are trying to NAT to possibly has a mask that causes it to overlap with the IP of the outside interface.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Go to solution
Ahmad-Maan
Level 1
Level 1
In response to Marius Gunnerud

‎02-11-2016 12:37 AM

Following commands issuing at asa 9.2 for mapping public ip with ports forwarding.

 object network Email-Server
     host x.x.x.x 

ccess-list INBOUND extended permit tcp any host x.x.x.x eq smtp
access-list INBOUND extended permit tcp any host x.x.x.x eq www
access-list INBOUND extended permit tcp any host x.x.x.x eq pop3
access-list INBOUND extended permit tcp any host x.x.x.x eq imap4
access-list INBOUND extended permit tcp any host x.x.x.x eq https
access-list INBOUND extended permit tcp any host x.x.x.x eq 587

nat (INSIDE,OUTSIDE) static x.x.x.x
ERROR: Address x.x.x.x overlaps with OUTSIDE interface address.
ERROR: NAT Policy is not downloaded

0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP
In response to Ahmad-Maan

‎02-11-2016 12:44 AM

Where x.x.x.x is the outside interface IP? you need to specify the ports to translate to. for example

nat (INSIDE,OUTSIDE) static x.x.x.x service tcp smtp smtp

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Go to solution
Ahmad-Maan
Level 1
Level 1
In response to Marius Gunnerud

‎02-11-2016 01:53 AM

Marius Gunnerud!

can you please send me configuration sample which will meet my requirement.

0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP
In response to Ahmad-Maan

‎02-11-2016 02:35 AM

object service smtp_port

  service tcp source eq 25

object network Email-Server
     host x.x.x.x 

nat (INSIDE,OUTSIDE) static interface service smtp_port smtp_port

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Go to solution
Ahmad-Maan
Level 1
Level 1
In response to Marius Gunnerud

‎02-11-2016 06:08 AM

i am issuing the command as you suggested but no luck.

0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP
In response to Ahmad-Maan

‎02-12-2016 02:24 PM

When you say no luck, what do you mean? commands aren't accepted or no connection through the firewall?

Have you added this IP to the outside interface ACL?

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP
In response to Ahmad-Maan

‎02-11-2016 12:48 AM

Actually try using the interface keyword...that is if x.x.x.x is the same IP as the outside interface.

nat (INSIDE,OUTSIDE) static interface service tcp smtp smtp

remember to add ports to the NAT statement or all traffic will be NATed to the mail server and no other hosts will be able to access internet.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card