Cisco ASA 8.0(4) NAT over VPN

I need to NAT some internal IPs over a Point to Point VPN with Policy NAT.
It's working, but I want to be sure it's correct, since the ASDM gives me an INFO Message every time I make a change now about overlapping static NAT entries.

I am natting internal IP X to another internal IP Y when going to Internal IP Z over the VPN (Static Policy Nat)
I am also Natting Internal IP X to Public IP A when going to the internet. (Static Nat)

I would assume that since the first rule has a specific destination, and the second rule does not it would be ok, but the NOTE about overlapping subnets is disturbing.

Here is the Message:
[INFO] static static (X51-dmz,public) 73.208.145.24 10.10.51.124 netmask 255.255.255.255 dns tcp 0 0 udp 0
       overlap with existing static
  X51-dmz: 10.10.51.124 to public:192.168.99.124 netmask 255.255.255.255


Here are the relevant parts of the config.(with IPs changed)

access-list X51-dmz_nat_static extended permit ip host 10.10.51.32 host 10.1.2.5
access-list X51-dmz_nat_static_3 extended permit ip host 10.10.51.124 host 10.1.2.5
access-list X51-dmz_nat_static_2 extended permit ip host 10.10.51.34 host 10.1.2.5
access-list X51-dmz_nat_static_1 extended permit ip host 10.10.51.33 host 10.1.2.5


static (X51-dmz,public) 73.208.144.32 10.10.51.32 netmask 255.255.255.255 dns
static (X51-dmz,public) 192.168.99.32  access-list X51-dmx_nat_static

static (X51-dmz,public) 73.208.144.33 10.10.51.33 netmask 255.255.255.255 dns
static (X51-dmz,public) 192.168.99.33  access-list X51-dmx_nat_static_1

static (X51-dmz,public) 73.208.144.34 10.10.51.34 netmask 255.255.255.255 dns
static (X51-dmz,public) 192.168.99.34  access-list X51-dmx_nat_static_2

static (X51-dmz,public) 73.208.145.24 10.10.51.124 netmask 255.255.255.255 dns
static (X51-dmz,public) 192.168.99.124  access-list X51-dmx_nat_static_3

crypto map public_map 21 match address public_21_cryptomap
crypto map public_map 21 set peer 77.194.193.2
crypto map public_map 21 set transform-set ESP-3DES-SHA
crypto map public_map 21 set security-association lifetime seconds 28800
crypto map public_map 21 set security-association lifetime kilobytes 4608000

access-list public_21_cryptomap extended permit ip object-group DM_INLINE_NETWORK_42 object-group DM_INLINE_NETWORK_47

object-group network DM_INLINE_NETWORK_42
 network-object host 192.168.99.32
 network-object host 192.168.99.124
 network-object host 192.168.99.33
 network-object host 192.168.99.34

object-group network DM_INLINE_NETWORK_47
 network-object host 10.1.2.5
NCXTechAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

NCXTechAuthor Commented:
Guess there are no answers......    Anyway. This has been working just fine.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.