11-08-2005 06:17 AM - edited 02-21-2020 12:30 AM
In 6.3.4 I had 2 static NATs on the same local IP address:
static (dmz,outside) 111.111.111.111 10.20.20.6 netmask 255.255.255.255 0 0
static (dmz,outside) 222.222.222.222 10.20.20.6 netmask 255.255.255.255 0 0
I upgraded the PIX to 6.3.5, and the second NAT was removed, and now I'm not able to add it again; the error message is "duplicate entry..."
How do I resolve this problem?
11-08-2005 07:57 AM
The same IP address cannot be mapped to two different IPs on the same interface.
6.3.4 took the command. Guess there is a bug in that code. But it does not work properly in that code. It kind of confuses the PIX on the translation.
The error message which you are getting is right because the PIX is not supposed to take the second static for the same IP.
11-09-2005 04:54 PM
Imagine a packet originated from 10.20.20.6 and destined for the internet. Now, the PIX will look up the static statement and will not be able to determine which one should be used.
Just wondering what sort of service the server is running. Maybe the workaround is to configure port forwarding.
e.g.
static (dmz,outside) tcp 1.1.1.1 80 10.20.20.6 80 netmask 255.255.255.255
static (dmz,outside) tcp 2.2.2.2 25 10.20.20.6 25 netmask 255.255.255.255
With the sample above, internet service is running with 1.1.1.1, whereas email service is running with 2.2.2.2.
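An added example, not part of the thread: a pre-upgrade check that scans a saved PIX 6.x configuration for `static` lines mapping one local IP to more than one global IP on the same interface pair, the case 6.3.5 rejects as a duplicate. It assumes port-qualified statics are distinct per protocol and local port, following the port-forwarding workaround in the reply above; the sample configuration and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample: the two statics from the question plus the
# port-forwarding pair suggested in the reply.
SAMPLE_CONFIG = """\
static (dmz,outside) 111.111.111.111 10.20.20.6 netmask 255.255.255.255 0 0
static (dmz,outside) 222.222.222.222 10.20.20.6 netmask 255.255.255.255 0 0
static (dmz,outside) tcp 1.1.1.1 80 10.20.20.6 80 netmask 255.255.255.255
static (dmz,outside) tcp 2.2.2.2 25 10.20.20.6 25 netmask 255.255.255.255
"""

def parse_static(line):
    """Return (key, global_ip) for a static line, or None if not applicable."""
    # Normalise "(dmz, outside)" to "(dmz,outside)" so split() keeps one token.
    line = re.sub(r"\(\s*([^,\s]+)\s*,\s*([^)\s]+)\s*\)", r"(\1,\2)", line.strip())
    tok = line.split()
    if len(tok) < 4 or tok[0] != "static" or not tok[1].startswith("("):
        return None
    ifaces = tok[1].strip("()").lower()
    if tok[2].lower() in ("tcp", "udp"):
        # Port form: static (if,if) proto global_ip global_port local_ip local_port
        if len(tok) < 7:
            return None
        proto, gip, _gport, lip, lport = tok[2:7]
        return (ifaces, lip, proto.lower(), lport), gip
    gip, lip = tok[2], tok[3]
    if lip == "access-list":  # policy static, out of scope for this check
        return None
    return (ifaces, lip, None, None), gip

def find_conflicts(config_text):
    """Map each (interfaces, local_ip, proto, local_port) to its global IPs
    and return only the keys that have more than one."""
    seen = defaultdict(list)
    for line in config_text.splitlines():
        parsed = parse_static(line)
        if parsed:
            key, gip = parsed
            if gip not in seen[key]:
                seen[key].append(gip)
    return {k: v for k, v in seen.items() if len(v) > 1}

if __name__ == "__main__":
    for (ifaces, lip, proto, lport), gips in find_conflicts(SAMPLE_CONFIG).items():
        svc = f" {proto}/{lport}" if proto else ""
        print(f"({ifaces}) local {lip}{svc} mapped to: {', '.join(gips)}")
```
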
11-10-2005 10:18 AM
Why don't you just give the DMZ server a secondary internal IP address? That is pretty easy whether the server is Windows or NIX based.