10-11-2017 02:22 AM - edited 03-12-2019 04:37 AM
I'm a newbie in Cisco configuration and I face a problem.
I have 2 ASA 5505 in two different branches. A VPN is established.
On the second branch I have only 1 public static IP that is used for the outside address of the ASA.
I need to make a PAT to publish the www port of a server but if I try to config the PAT I receive the error that say I can't do it because there is an address overlap with the outside address.
I cannot upgrade to a subnet of 8 IP.
There is a way to accomplish that keeping my VPN up?
Solved! Go to Solution.
10-11-2017 06:44 AM
Hello @Diego Rigorini,
In order to make it work, you need to use the keyword "Interface" since if you don´t the ASA will think this is a new IP address and when it checks it finds is the same as the outside interface, that´s why you have the error, change it for this:
Object network mytest
nat (inside,outside) static interface service tcp www www
HTH
Gio
10-11-2017 04:48 AM
When you say VPN do you mean a remote access SSL VPN? By default that uses port 443 but you can change it to some other port and thus free up 443 for your web server.
Instructions for doing that can be found here:
10-11-2017 05:02 AM
10-11-2017 06:44 AM
Hello @Diego Rigorini,
In order to make it work, you need to use the keyword "Interface" since if you don´t the ASA will think this is a new IP address and when it checks it finds is the same as the outside interface, that´s why you have the error, change it for this:
Object network mytest
nat (inside,outside) static interface service tcp www www
HTH
Gio
10-12-2017 02:16 AM
It works!
Thank you very much.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide