NAT Rule Error: Mismatch Static IP

NAT Rule Error: Mismatch Static IP

58329
Created On 09/26/18 13:51 PM - Last Modified 04/23/20 21:48 PM


Symptom


During commit Error message "Mismatch static-ip address range between original address and translated address" is displayed.
  
device: 
nat rule 'NAT_rule': 
Mismatch static-ip address range between original address and translated address
Failed to parse nat policy
Commit failed

 

Environment


  • Any PAN-OS.
  • Palo Alto Firewall.
  • Static NAT configured.

Cause


Non /32 mask used to translate one static IP. This is not allowed or supported.

Resolution


Use  /32 address to translate to one static IP.

Additional Information


If Static NAT is not needed one can use dynamic ip translation to allow many-to-one translation.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000Clu0CAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language