[Webinar] Streamline your web hosting managementRegister Today

x
?
Solved

asa 5505 ip address/subnet confilct warning

Posted on 2008-06-14
5
Medium Priority
?
295 Views
Last Modified: 2010-04-09
I set my inside interface to the address of 10.0.0.1 255.255.255.0 (this was preconfigured on the old firewall).  When creating the nat (inside) 1 10.0.0.1 255.255.255.0 rule I originally entered '1' at the end of 10.0.0.1.  After I entered in the rule it gave me a warning stating that the IP address and the subnet has a conflit...  Now when I do a 'show run'  I see 'nat (inside) 1 10.0.0.0 255.255.255.0'.  The '1' was replaced with a '0'.  Will this still work?  I know why it did this, however, I'm trying to void re addressing the site...  
0
Comment
Question by:gopher_49
  • 2
  • 2
5 Comments
 
LVL 7

Accepted Solution

by:
naughton earned 1000 total points
ID: 21787104
a .1 is invlaid with a 255.255.255.0 subnet -

the Nat command is looking for the network address of the subnet specified i.e. 10.0.0.0 vs 10.0.0.1

it will still work - and the nat command will NAT all traffic int eh 10.0.0.0 /24 subnet.
0
 

Author Comment

by:gopher_49
ID: 21788695
great.  I'll test later this after noon.  I'll get back with you shortly.
0
 
LVL 6

Assisted Solution

by:raptorjb007
raptorjb007 earned 1000 total points
ID: 21794327
Naughton is correct, When using the Nat command you need to specify the subnet you want to nat rather than a specific IP.

The following is the correct statement for your listed config.

nat (inside) 1 10.0.0.0 255.255.255.0
0
 
LVL 7

Expert Comment

by:naughton
ID: 21866005
hey gopher_49

how'd you go?
0
 
LVL 6

Expert Comment

by:raptorjb007
ID: 21884322
Any luck?
0

Featured Post

Will You Be GDPR Compliant by 5/28/2018?

GDPR? That's a regulation for the European Union. But, if you collect data from customers or employees within the EU, then you need to know about GDPR and make sure your organization is compliant by May 2018. Check out our preparation checklist to make sure you're on track today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

For months I had no idea how to 'discover' the IP address of the other end of a link (without asking someone who knows), and it drove me batty. Think about it. You can't use Cisco Discovery Protocol (CDP) because it's not implemented on the ASAs.…
When speed and performance are vital to revenue, companies must have complete confidence in their cloud environment.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…
Suggested Courses
Course of the Month9 days, 11 hours left to enroll

591 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question