Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Error: Static overlaps on PIX-515e

Status
Not open for further replies.

tajk

IS-IT--Management
Sep 5, 2013
1
FR
I have a Cisco PIX-515E firewall Version 6.3(1)

I want to open a connection between a server (10.10.10.12) on the DMZ zone to a server (192.168.111.63) on the Inside zone through port 902.

I execute following command:

name(config)# static (DMZ,Inside) 192.168.111.63 10.10.10.12 netmask 255.255.255.255

But I get following error:

ERROR: static overlaps with 10.10.10.12 to 10.10.10.12

Are there anyone who can tell me why I get this error, please?

I have attached the access-list from the firewall


name(config)# show access-list
access-list cached ACL log flows: total 0, denied 0 (deny-flow-max 1024)
alert-interval 300
access-list 100; 4 elements
access-list 100 line 1 permit icmp any any (hitcnt=149267)
access-list 100 line 2 permit tcp any host 87.xx.xx.xx eq access-list 100 line 3 permit tcp any host 87.xx.xx.xx eq https (hitcnt=2490)
access-list 100 line 4 permit tcp any host 87.xx.xx.xx eq 30000 (hitcnt=2)
access-list 101; 1 elements
access-list 101 line 1 permit ip any any (hitcnt=630192)
access-list 102; 9 elements
access-list 102 line 1 permit icmp any any (hitcnt=2997)
access-list 102 line 2 permit tcp host 10.10.10.12 host 10.10.10.11 eq telnet (hitcnt=0)
access-list 102 line 3 permit tcp host 10.10.10.12 host 192.168.111.18 eq 30001 (hitcnt=0)
access-list 102 line 4 permit tcp host 10.10.10.12 host 192.168.111.18 eq 30002 (hitcnt=0)
access-list 102 line 5 permit tcp host 10.10.10.12 host 192.168.111.18 eq 30011 (hitcnt=0)
access-list 102 line 6 permit tcp host 10.10.10.12 host 192.168.111.18 eq 30012 (hitcnt=0)
access-list 102 line 7 permit ip host 10.10.10.12 any (hitcnt=44172)
access-list 102 line 8 permit tcp host 10.10.10.12 host 10.10.10.12 eq 2967 (hitcnt=0)
access-list 102 line 9 permit tcp host 10.10.10.12 host 192.168.111.34 range 11000 11069 (hitcnt=0)
access-list inside_outbound_nat0_acl; 2 elements
access-list inside_outbound_nat0_acl line 1 permit ip any 192.168.111.80 255.255.255.240 (hitcnt=0)
access-list inside_outbound_nat0_acl line 2 permit ip 192.168.111.0 255.255.255.0 192.168.111.96 255.255.255.252 (hitcnt=0)
access-list 90; 1 elements
access-list 90 line 1 permit ip 192.168.111.0 255.255.255.0 192.168.111.96 255.255.255.252 (hitcnt=0)
name(config)#
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top