I have a Cisco PIX-515E firewall Version 6.3(1)
I want to open a connection between a server (10.10.10.12) on the DMZ zone to a server (192.168.111.63) on the Inside zone through port 902.
I execute following command:
name(config)# static (DMZ,Inside) 192.168.111.63 10.10.10.12 netmask 255.255.255.255
But I get following error:
ERROR: static overlaps with 10.10.10.12 to 10.10.10.12
Are there anyone who can tell me why I get this error, please?
I have attached the access-list from the firewall
name(config)# show access-list
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 1024)
alert-interval 300
access-list 100; 4 elements
access-list 100 line 1 permit icmp any any (hitcnt=149267)
access-list 100 line 2 permit tcp any host 87.xx.xx.xx eq access-list 100 line 3 permit tcp any host 87.xx.xx.xx eq https (hitcnt=2490)
access-list 100 line 4 permit tcp any host 87.xx.xx.xx eq 30000 (hitcnt=2)
access-list 101; 1 elements
access-list 101 line 1 permit ip any any (hitcnt=630192)
access-list 102; 9 elements
access-list 102 line 1 permit icmp any any (hitcnt=2997)
access-list 102 line 2 permit tcp host 10.10.10.12 host 10.10.10.11 eq telnet (hitcnt=0)
access-list 102 line 3 permit tcp host 10.10.10.12 host 192.168.111.18 eq 30001 (hitcnt=0)
access-list 102 line 4 permit tcp host 10.10.10.12 host 192.168.111.18 eq 30002 (hitcnt=0)
access-list 102 line 5 permit tcp host 10.10.10.12 host 192.168.111.18 eq 30011 (hitcnt=0)
access-list 102 line 6 permit tcp host 10.10.10.12 host 192.168.111.18 eq 30012 (hitcnt=0)
access-list 102 line 7 permit ip host 10.10.10.12 any (hitcnt=44172)
access-list 102 line 8 permit tcp host 10.10.10.12 host 10.10.10.12 eq 2967 (hitcnt=0)
access-list 102 line 9 permit tcp host 10.10.10.12 host 192.168.111.34 range 11000 11069 (hitcnt=0)
access-list inside_outbound_nat0_acl; 2 elements
access-list inside_outbound_nat0_acl line 1 permit ip any 192.168.111.80 255.255.255.240 (hitcnt=0)
access-list inside_outbound_nat0_acl line 2 permit ip 192.168.111.0 255.255.255.0 192.168.111.96 255.255.255.252 (hitcnt=0)
access-list 90; 1 elements
access-list 90 line 1 permit ip 192.168.111.0 255.255.255.0 192.168.111.96 255.255.255.252 (hitcnt=0)
name(config)#
I want to open a connection between a server (10.10.10.12) on the DMZ zone to a server (192.168.111.63) on the Inside zone through port 902.
I execute following command:
name(config)# static (DMZ,Inside) 192.168.111.63 10.10.10.12 netmask 255.255.255.255
But I get following error:
ERROR: static overlaps with 10.10.10.12 to 10.10.10.12
Are there anyone who can tell me why I get this error, please?
I have attached the access-list from the firewall
name(config)# show access-list
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 1024)
alert-interval 300
access-list 100; 4 elements
access-list 100 line 1 permit icmp any any (hitcnt=149267)
access-list 100 line 2 permit tcp any host 87.xx.xx.xx eq access-list 100 line 3 permit tcp any host 87.xx.xx.xx eq https (hitcnt=2490)
access-list 100 line 4 permit tcp any host 87.xx.xx.xx eq 30000 (hitcnt=2)
access-list 101; 1 elements
access-list 101 line 1 permit ip any any (hitcnt=630192)
access-list 102; 9 elements
access-list 102 line 1 permit icmp any any (hitcnt=2997)
access-list 102 line 2 permit tcp host 10.10.10.12 host 10.10.10.11 eq telnet (hitcnt=0)
access-list 102 line 3 permit tcp host 10.10.10.12 host 192.168.111.18 eq 30001 (hitcnt=0)
access-list 102 line 4 permit tcp host 10.10.10.12 host 192.168.111.18 eq 30002 (hitcnt=0)
access-list 102 line 5 permit tcp host 10.10.10.12 host 192.168.111.18 eq 30011 (hitcnt=0)
access-list 102 line 6 permit tcp host 10.10.10.12 host 192.168.111.18 eq 30012 (hitcnt=0)
access-list 102 line 7 permit ip host 10.10.10.12 any (hitcnt=44172)
access-list 102 line 8 permit tcp host 10.10.10.12 host 10.10.10.12 eq 2967 (hitcnt=0)
access-list 102 line 9 permit tcp host 10.10.10.12 host 192.168.111.34 range 11000 11069 (hitcnt=0)
access-list inside_outbound_nat0_acl; 2 elements
access-list inside_outbound_nat0_acl line 1 permit ip any 192.168.111.80 255.255.255.240 (hitcnt=0)
access-list inside_outbound_nat0_acl line 2 permit ip 192.168.111.0 255.255.255.0 192.168.111.96 255.255.255.252 (hitcnt=0)
access-list 90; 1 elements
access-list 90 line 1 permit ip 192.168.111.0 255.255.255.0 192.168.111.96 255.255.255.252 (hitcnt=0)
name(config)#