05-11-2006 05:54 AM - edited 03-09-2019 02:52 PM
I'm trying to configure an ASA5510 and when I add this: static (INSIDE,DMZ1) 10.3.200.2 10.3.0.2 netmask 255.255.255.255
I get this:
INFO: Global address overlaps with NAT exempt configuration.
I don't see the overlap. I have attached the running config for review.
05-11-2006 07:47 AM
You do have an overlap...
If you have a packet sourced from inside (10.3.0.2) to DMZ1 (10.3.100.*), you qualify for your static statement and your
access-list REMOTE_ACCESS_NAT extended permit ip any 10.3.100.0 255.255.255.0
05-11-2006 08:14 AM
Ahh but the DMZ is 10.3.200.*/24 not 10.3.100.*
and the remote access VPN ACL has a 10.3.100.0/24
See my dilemma? These are separate networks techincaly, but it says they overlap..
05-11-2006 10:21 AM
technically (misspelled it)
05-11-2006 12:06 PM
Oh, I understand now.
If I try to simplify the issue, your static statements are simple enough and are not the problem. This leaves a conflict between them and the nat 0. If I was in your place, I think I would try changing it to
access-list REMOTE_ACCESS_NAT extended permit ip 10.3.100.0 255.255.255.0 10.3.0.2 255.255.X.X
+ 1 other line for the DMZ1.
If this does not work, I'll be out of ideas.
05-13-2006 01:24 PM
Thanks, but could you put it in the proper syntax? I don't think I understand?
05-13-2006 01:41 PM
05-13-2006 01:42 PM
Could this be a bug? I don't see an overlap.
05-13-2006 08:46 PM
Hi ... Can you try changing the below :
global (DMZ1) 1 10.3.200.11-10.3.200.20
to
global (DMZ1) 2 10.3.200.11-10.3.200.20
and adding
nat (inside) 2 0.0.0.0 0.0.0.0
05-20-2006 02:28 PM
Sorry for the slow response, I had to go out of town. After changing the global statement and adding "nat (inside) 2 0.0.0.0 0.0.0.0", I get "Duplicate NAT entry".
05-20-2006 03:26 PM
Hi .. can you try this
access-list testing permit ip any any
no global (DMZ1) 1 10.3.200.11-10.3.200.20
global (DMZ1) 2 10.3.200.11-10.3.200.20
clear xlate
and then adding
nat (inside) 2 access-list testing
05-21-2006 08:47 AM
I created this access-list:
access-list testing permit ip any any
Then I performed your changes without error. Is there a way to do it without policy-based NATting?
05-22-2006 04:27 AM
For some reason it does not like to have the same entry on a nat even though you use a different nat id.
05-22-2006 03:48 PM
Yeah. I'm still leaning towards bug in the IOS...
05-23-2006 03:54 AM
try this
#no global (DMZ1) 1 10.3.200.79-10.3.200.99
#global (DMZ1) 1 interface