Symptom

Configuring SNMP, management-access and crypto ikev2 on the interface and when making the changes on interface config is giving the below unwanted warning messages which might false alarm the customer. WARNING: mapped-address 10.2.110.37/162-0 overlaps with existing static NAT in Section 1, rule 2. WARNING: Pool (10.2.110.37) overlap with existing pool : Rules are pushed there is no functionality impact was seen

Conditions

Issue will come with bellow configurations snmp-server host inside_snmp version 3 crypto ikev2 enable outside_snmp (outside interface) management-access inside_snmp (inside interface) above configurations will push bellow rules , while pushing the second rule , look up on new rules ip address /port will happen on existing rules. mistakenly first rule is getting picked up as overlapping ip/port number . Rule is getting pushed with out any issues only warning was seen ASA(config)# show nat detail Manual NAT Policies (Section 1) 1 (nlp_int_tap) to (outside_snmp) source dynamic nlp_client_0_10.2.110.37_17proto162_intf4 interface destination static nlp_client_0_ipv4_14 nlp_client_0_ipv4_14 service nlp_client_0_17svc162_13 nlp_client_0_17svc162_13 translate_hits = 0, untranslate_hits = 0 Source - Origin: 169.254.1.2/32, Translated: 192.168.1.15/24 Destination - Origin: 10.2.110.37/32, Translated: 10.2.110.37/32 Service - Origin: udp destination eq snmptrap , Translated: udp destination eq snmptrap 2 (nlp_int_tap) to (outside) source dynamic nlp_client_0_10.2.110.37_17proto162_intf3 interface destination static nlp_client_0_ipv4_12 nlp_client_0_ipv4_12 service nlp_client_0_17svc162_11 nlp_client_0_17svc162_11 translate_hits = 0, untranslate_hits = 0 Source - Origin: 169.254.1.2/32, Translated: 2.2.2.224/24 Destination - Origin: 10.2.110.37/32, Translated: 10.2.110.37/32 Service - Origin: udp destination eq snmptrap , Translated: udp destination eq snmptrap 3 (nlp_int_tap) to (inside_snmp) source dynamic nlp_client_0_10.2.110.37_17proto162_intf5 interface destination static nlp_client_0_ipv4_10 nlp_client_0_ipv4_10 service nlp_client_0_17svc162_9 nlp_client_0_17svc162_9 translate_hits = 0, untranslate_hits = 0 Source - Origin: 169.254.1.2/32, Translated: 10.2.110.2/24 Destination - Origin: 10.2.110.37/32, Translated: 10.2.110.37/32 Service - Origin: udp destination eq snmptrap , Translated: udp destination eq snmptrap Auto NAT Policies (Section 2) 1 (nlp_int_tap) to (inside_snmp) source static nlp_server_0_snmp_intf5 interface service udp snmp snmp translate_hits = 0, untranslate_hits = 0 Source - Origin: 169.254.1.2/32, Translated: 10.2.110.2/24 Service - Protocol: udp Real: snmp Mapped: snmp 2 (nlp_int_tap) to (outside) source static nlp_server_0_tunnel-snmp_intf3 interface service udp snmp snmp translate_hits = 0, untranslate_hits = 0 Source - Origin: 169.254.1.2/32, Translated: 2.2.2.224/24 Service - Protocol: udp Real: snmp Mapped: snmp 3 (nlp_int_tap) to (outside_snmp) source static nlp_server_0_tunnel-snmp_intf4 interface service udp snmp snmp translate_hits = 0, untranslate_hits = 0 Source - Origin: 169.254.1.2/32, Translated: 192.168.1.15/24 Service - Protocol: udp Real: snmp Mapped: snmp ASA(config)#

Workaround

No workaround. The error messages displayed are cosmetic and have no operation impact.

Further Problem Description