10-02-2011 07:29 AM - edited 03-11-2019 02:33 PM
We have a server placed on the inside segment of the ASA and it is natted to an outside public IP.
static (Inside,Outside) 196.187.5.6 192.168.x.29 netmask 255.255.255.255
There are some services allowed from the outside to this public IP 196.187.5.6.
I was tasked with configuring site to site VPN, so I had to create a NAT for 192.168.x.29 since we had overlapping network addresses on both the sides. So I went ahead and created a static policy nat rule like the one below.
access-list dreamnat extended permit ip host 192.168.x.29 192.168.199.0 255.255.255.0
static (Inside,Outside) 192.168.199.50 access-list dreamnat.
The moment I hit enter after entering the above nat statement I get " INFO: overlap with existing static Inside:192.168.x.29 to Outside:
196.187.5.6 netmask 255.255.255.255"
What I observed is, the firewall accepted the command with an warning but has not stopped any services. I can now ping the inside IP 192.168.199.50 from the other branch and can access the services which are available from the outside via its public IP.
Will this cause any disruption in the near future? Or can I take an alternate route to accomplish this task without the overlap warning message?
Regards
Solved! Go to Solution.
10-02-2011 09:09 PM
You are right, you can just ignore the warning message. As long as the static policy NAT statement is a more specific ACL, then it should not cause any problem at all. Just make sure that you don't add ACL line that might say destination "any" as this will definitely cause issue. Apart from that, you are good with the current configuration.
10-02-2011 09:09 PM
You are right, you can just ignore the warning message. As long as the static policy NAT statement is a more specific ACL, then it should not cause any problem at all. Just make sure that you don't add ACL line that might say destination "any" as this will definitely cause issue. Apart from that, you are good with the current configuration.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide