Guest

Preview Tool

Cisco Bug: CSCuo88253 - ASA NAT: Some NAT removed after upgrade from 8.6.1.5 to 9.x

Last Modified

Apr 16, 2020

Products (1)

  • Cisco ASA 5500-X Series Firewalls

Known Affected Releases

9.1(2) 9.1(5)

Description (partial)

Symptom:
after upgrade of asa from 8.6.1.5 to 9.x some nat rules are removed and on trying to add them again ASA complains of overlap

ERROR: 10.0.0.0-10.255.255.255 overlaps with dmz standby interface address. host_ip=10.x.x.x, vpif=17
ERROR: NAT Policy is not downloaded

Conditions:
when you do not have a pure static identity nat and you have your standby ip address (for the given interface) as part of source network
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.