Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
658
Views
0
Helpful
4
Replies

Overlapping Static

Muhammad.Sajid
Community Member

‎01-31-2005 10:05 AM - edited ‎03-09-2019 10:10 AM

Hello all,

I would like to know if I can configure static commands with overlapping addresses and it works. For e.g. if I have an a­ddress that is already covered in a net static statement like:

static (inside,outside) 192.168.10.0 192.168.10.0 netmask 25­5.255.255.0 0 0

but for one specific host I would like to specify the number­ of connections that this host can open by:

static (inside,outside) 192.168.10.50 192.168.10.50 netmask 255.255.255.255 500 0

After putting the second statement, it is noticed that PIX w­ould take it with a warning/error of overlapping addresses but won't t­ake the

"netmask" keyword. But how would I make sure that it is act­ually using my second statement for this particular host???

Has anyone tried this before. Please let me know your exper­ience.

Thanks in advance.

Atif

Labels:
0 Helpful
4 Replies 4

scoclayton
Level 11
Level 11

‎01-31-2005 10:46 AM

Static statements are read in a top down fashion. Try putting your more specific static higher in the configuration than your network static and see if that helps. This will probably require that you remove both statements from the config, do a 'cl xlate', and then add the statements back in the order specified above.

Let me know if this doesn't help.

Scott

0 Helpful

gfullage
Cisco Employee
Cisco Employee
In response to scoclayton

‎01-31-2005 08:28 PM

As Scott said, statics are read top-down. If you do as he says and put the more specific one in first, then the PIX doesn't complain and it should work fine. Here's output from my PIX showing you can add them in:

sv-2-3(config)# sho static

static (inside,outside) 192.168.10.50 192.168.10.50 netmask 255.255.255.255 500 0

static (inside,outside) 192.168.10.0 192.168.10.0 netmask 255.255.255.0 0 0

Now, as to whether it'll actually work the way you want it to, I haven't tested. There shouldn't be any reason why it wouldn't work though.

0 Helpful

csoans
Level 1
Level 1

‎01-31-2005 01:40 PM

Atif,

Is this a typo or is this exactly what was typed into the pix

static (inside,outside) 192.168.10.50 192.168.10.50 netmask 255.255.255.255 500 0

if this is the case make sure you change it to the line shown below and you should be fine

static (inside,outside) 192.168.10.50 192.168.10.50 netmask 255.255.255.255 0 0

0 Helpful

Muhammad.Sajid
Community Member
In response to csoans

‎02-01-2005 07:15 AM

No its not typo because I want to specify the number of connections that this host can open at one time.

However, I have tested it by changing the sequence and it worked for me.

So thanks for all your suggestions and help.

0 Helpful
Customers Also Viewed These Support Documents