01-20-2011 12:41 PM - edited 03-11-2019 12:38 PM
WARNING: The IP address, 6x.172.214.193, of the 'outside' interface overlaps with
the static defined by:
'static (inside, outside) 10.2.28.0 10.2.28.0 netmask 255.255.255.255'.
Can someone please tell me what this means exactly and how I might resolve it?
Thank you,
Thomas
01-20-2011 02:15 PM
Hi,
Are you sure you're getting that exact error?
I replied to your original request because the IP was overlapping, however that's not the case with this static statement.
Additionally unless the outside of the PIX has a private segment, you shouldn't do identity NAT for the inside LAN because it cannot be NATed to the Internet then.
Federico.
01-20-2011 02:19 PM
Federico,
That's the exact WARNING: from the Output Interpreter. It's a different error than the first one you helped me with.
I'm not sure what you mean here "you shouldn't do identity NAT for the inside LAN because it cannot be NATed to the Internet then."
Thank you,
Thomas
01-20-2011 02:25 PM
I don't think its an accurate error message.
What I'm saying is that you have the LAN with a private IP address (inside), then you have the outside with a public IP...
In this way the ASA can NAT and provide Internet access to the LAN...
If you do the static mentioned, then the ASA will not NAT the traffic but instead will keep the same IP addressing scheme for the inside network (the inside network will not have Internet then because it's not going to be translated to a public IP).
My question will be... what's the purpose of having that static you defined on the configuration?
Federico.
01-20-2011 02:40 PM
Federico,
That's what I mean. I think it's bad configuration and was considering removing that line. But I was wondering why the Output Interpreter thought that 6x.172.214.193 was overlapping 10.2.28.0 10.2.28.0 in the static statement. How could they be overlapping if they're not even the same subnet? 10.2.28.0 is our subnet address by the way.
I took over this network and I'm trying to sort it all out.
Thank you,
Thomas
01-20-2011 08:57 PM
Why is the mask /32 bit on the static statement? Is this a host address? 10.2.28.0? or should the mask be 255.255.255.0?
'static (inside, outside) 10.2.28.0 10.2.28.0 netmask 255.255.255.255'.
Are you seeing this under ASDM? Looks very similar to a defect that I filed a while ago.
Resolved in the latest ASDM.
Symptom:
ASDM incorrectly says "IP Address conflicts with interface broadcast address." while trying to add an snmp-server IP address.
Conditions:
This was first observed in ASA running 8.0.2 and ASDM 6.0.2
Workaround:
Use CLI to add the snmp-server
Further Problem Description:
If the interface is configured with a 30 bit mask and if you try to add any other IP belonging to other subnet which would be a broad cast address if applied a 30 bit mask that is applied on the interface address, then ASDM will throw an error that says "IP Address conflicts with interface broadcast address."
Example:
interface Ethernet0/3
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.252
Try to add 172.30.1.143 as snmp-server using ASDM and you will see the error.
-KS
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide