Cisco Cisco ASA 5520 Adaptive Security Appliance 문제 해결 가이드

Contributed by Prapanch Ramamoorthy, Cisco TAC Engineer.
Aug 13, 2012

Introduction
 Before You Begin
      Requirements
      Components Used
      Conventions
 Problem
      Solution
 Related Information

Adaptive Security Appliances (ASAs) running 8.4(4) or higher may reject certain NAT configurations and
display an error message similar to this:

ERROR: <mapped address range> overlaps with <interface> standby interface

   address

ERROR: NAT Policy is not downloaded

This problem can also appear when you upgrade your ASA to 8.4(4) or higher from a prior release. You may
notice that some NAT commands are no longer present in the running−config of the ASA. In these instances,
you should look at the console messages printed out in order to see if there are messages present in the above
format.

Another effect you may notice is that traffic for certain subnets behind the ASA may cease passing through
Virtual Private Network (VPN) tunnel(s) terminating on the ASA. This document describes how to resolve
these issues.

These conditions need to be met in order to encounter this problem:

ASA running version 8.4(4) or higher, or upgraded to version 8.4(4) or higher from a prior release.

• 

ASA configured with a standby IP address on at least one of its interfaces.

• 

A NAT is configured with the above interface as the mapped interface.

• 

The information in this document is based on this hardware and software version:

ASAs running 8.4(4) or higher

•