rocketlauncher
Programmer
Hello all,
We just got a Cisco ASA5510 and we have configured it for internet and DMZ, and that's working fine, but I tried to configure VPN client access based on a Cisco document and I get the following Info message when I try to configure the NAT (inside) 0 access-list command:
INFO: Outside address overlap with static NAT configuration
I've checked and double-checked and no networks or IP addresses are overlapping; it's driving me insane.
I have three other sites with pixes and used the same type of configuration except for network and those kind of things and they're working fine.
My config is below.
Please help!
Thanks!
------------------------------------
MYHOSTANME(config)# show run
: Saved
:
ASA Version 7.1(2)
!
hostname MYHOSTANME
domain-name MYDOMAINNAME
names
!
interface Ethernet0/0
 nameif outside
 security-level 0
 ip address OUTSIDE-ADDRESS 255.255.255.224
!
interface Ethernet0/1
 nameif inside
 security-level 100
 ip address 172.16.13.1 255.255.255.0
!
interface Ethernet0/2
 speed 100
 duplex full
 nameif dmz
 security-level 50
 ip address 172.16.12.1 255.255.255.0
!
interface Management0/0
 shutdown
 nameif management
 security-level 100
 no ip address
 management-only
!
dns server-group DefaultDNS
 domain-name MYDOMAINNAME
access-list 110 extended permit ip 172.16.13.0 255.255.255.0 192.168.20.0 255.255.255.0
pager lines 24
mtu outside 1500
mtu inside 1500
mtu dmz 1500
mtu management 1500
ip local pool VPN-POOL 192.168.20.20-192.168.20.35
icmp deny any outside
global (outside) 1 OUTSIDE-ADDRESS-2
nat (inside) 0 access-list 110
nat (inside) 1 172.16.13.0 255.255.255.0
static (inside,dmz) 172.16.13.0 172.16.13.0 netmask 255.255.255.0
route outside 0.0.0.0 0.0.0.0 70.234.6.193 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server RADIUS protocol radius
aaa-server RADIUS host RADIUS-SERVER
 timeout 5
 key radauth
aaa authentication ssh console LOCAL
aaa authentication serial console LOCAL
aaa authentication telnet console RADIUS
no snmp-server location
no snmp-server contact
end
------------------------------
Thanks,
Rocket