cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
450
Views
0
Helpful
0
Replies
Highlighted
Beginner

Anyconnect VPN - NAT Warning: overlap with existing pool

I'm not sure what's going on here, I'm setting up a new Anyconnect VPN on my ASA5555-X v9.5(2)6. The last piece of the puzzle is the identity NAT, but I get the following error:

WARNING: Pool (10.167.253.0-10.167.253.255) overlap with existing pool.

My 2 NAT policies that seem to be conflicting are:

Manual NAT Policies (Section 1)
1 (blacknet) to (broadnet) source static VPN-A VPN-A destination static WB-FW2-SUBNETS WB-FW2-SUBNETS no-proxy-arp route-lookup
    translate_hits = 0, untranslate_hits = 0
    Source - Origin: 10.167.253.12/32, 10.167.253.24/32, 10.167.253.19/32, 10.167.253.40/32, Translated: 10.167.253.12/32, 10.167.253.24/32, 10.167.253.19/32, 10.167.253.40/32
    Destination - Origin: 192.168.61.128/27, 192.168.61.32/27, Translated: 192.168.61.128/27, 192.168.61.32/27
2 (blacknet) to (broadnet) source static BLACK-NETWORK BLACK-NETWORK  destination static NETWORK_OBJ_192.168.155.0_29 NETWORK_OBJ_192.168.155.0_29 no-proxy-arp route-lookup
    translate_hits = 0, untranslate_hits = 0
    Source - Origin: 10.167.253.0/24, Translated: 10.167.253.0/24
    Destination - Origin: 192.168.155.0/29, Translated: 192.168.155.0/29

I cannot see what's wrong here, I see no overlap.

Policy (1) above is for an IPSEC Site-to-Site VPN, and Policy (2) is for the new Anyconnect VPN.

Is this a bug? Any help appreciated.

0 REPLIES 0