Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
471
Views
0
Helpful
6
Replies

when i doing global NAT then show error message

SK Faisal
Level 1
Level 1

‎06-10-2013 11:22 PM - edited ‎03-12-2019 06:05 PM

interface Ethernet0/0

security-level 0

nameif outside

ip address 200.200.200.1 255.255.255.252

exit

interface Ethernet0/1

security-level 100

nameif inside

ip address 192.168.1.1 255.255.255.0

!

!

nat (inside) 1 192.168.1.0 255.255.255.0

global (outside) 1 200.200.200.1

Error: 200.200.200.1-200.200.200.1 overlaps with outside interface address

route outside 0.0.0.0 0.0.0.0 200.200.200.2 1

dhcpd ping_timeout 3000

!

dhcpd address 192.168.1.2-192.168.1.254 inside

dhcpd enable inside

!

threat-detection basic-threat

Labels:
0 Helpful
6 Replies 6

Jouni Forss
VIP Alumni
VIP Alumni

‎06-10-2013 11:28 PM

Hi,

When you use the "outside" interface IP address on the Dynamic PAT configuration with the "global" command then you use the keyword "interface" instead

For example

global (outside) 1 interface

It will  then use the IP address you mention.

Hope this helps

Please remember to mark the reply as the correct answer if it answered your question.

Ask more if needed

- Jouni

0 Helpful

SK Faisal
Level 1
Level 1
In response to Jouni Forss

‎06-10-2013 11:35 PM

global (outside) 1 interface

global for this range already exists

0 Helpful

Jouni Forss
VIP Alumni
VIP Alumni
In response to SK Faisal

‎06-11-2013 12:18 AM

Hi,

Well then you already have some existing configuration using the interface IP address.

Can you share the output of

show run global

show run nat

- Jouni

0 Helpful

SK Faisal
Level 1
Level 1
In response to Jouni Forss

‎06-11-2013 03:35 AM

ciscoasa(config)# sh run global

global (outside) 1 interface

ciscoasa(config)# sh run nat

nat (inside) 1 192.168.1.0 255.255.255.0

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to SK Faisal

‎06-11-2013 03:46 AM

Hi,

can you try clear configure nat and then renter the nat statements with the global one referencing the interface.

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful

Jouni Forss
VIP Alumni
VIP Alumni
In response to SK Faisal

‎06-11-2013 03:52 AM

Hi,

You dont really have any need to add the configuration

global (outside) 1 200.200.200.1

Since you already have

global (outside) 1 interface

And they are the same

global (outside) 1 interface = global (outside) 200.200.200.1

I am not sure what you want to do here since you are trying to add a configuration command that you actually have already on the device.

If you want to add more source network under the same Dynamic PAT then you can use the format

nat () 1

Where you naturally replace the

  • = with the "nameif" of the interface where the source network resides
  • = with the source networks network address
  • = with the network mask of the source network being added

Hope this helps

If this hasnt already answered your question then please specify what you are trying to achieve exactly.

- Jouni

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card