Re: Conflicting statics(?)

ph0enix · ‎06-29-2006

When the firewall boots, I get a message about conflicting statics. Despite the message everything seems to work as expected.

Maybe I'm blind but I just don't see it:

static (inside,outside) tcp interface 3389 192.168.0.250 3389 netmask 255.255.255.255

static (dmz,outside) tcp interface 7475 10.0.0.2 10000 netmask 255.255.255.255

static (dmz,outside) tcp interface ftp 10.0.0.2 ssh netmask 255.255.255.255

static (inside,outside) tcp interface 7456 192.168.0.10 ftp netmask 255.255.255.255

static (inside,outside) tcp interface www 192.168.0.225 www netmask 255.255.255.255

static (inside,dmz) 192.168.0.0 192.168.0.0 netmask 255.255.255.0

Can you help me figure it out?

Thanks!

grant.maynard · ‎06-29-2006

nope, looks alright to me.

hemendoz · ‎06-29-2006

Can you paste the error message as it appears during bootup please.

ph0enix · ‎06-29-2006

Unfortunately, I only got to see a part of the message on the console and I didn't have logging enabled during last boot. What I could see said "conflicting static" and it gave the config line number.

Could it have something to do with these NAT commands?

nat (inside) 0 access-list nonat

nat (inside) 1 192.168.0.0 255.255.255.0

nat (dmz) 1 10.0.0.0 255.255.255.0

hemendoz · ‎06-29-2006

In and of themselves, there is nothing wrong with those statements. Why don't you use hypterterm and record your session? That way you can capture the exact error message.

ph0enix · ‎06-30-2006

I'll do that the next time the firewall reboots - it probably won't happen for a few months though (unless there is a problem).

ph0enix · ‎07-13-2006

I just discovered a great command "show startup errors" - DUH?!

Here's the exact message:

WARNING: conflicting statics in startup configuration

*** Output from config line 88, "static (dmz,outside) tcp..."