Re: [OSL | CCIE_Security] Static Policy NAT with L4 ACL

2012-07-04 Thread Mike Rojas
: veeduby...@gmail.com
To: kingsley.char...@gmail.com
CC: ccie_security@onlinestudylist.com
Subject: Re: [OSL | CCIE_Security] Static Policy NAT with L4 ACL

I'm using 8.0(4)23

ASA1/c1# show version
Cisco Adaptive Security Appliance Software Version 8.0(4)23 context
Device Manager Version 6.1(5)51

Re: [OSL | CCIE_Security] Static Policy NAT with L4 ACL

2012-07-03 Thread Ben Shaw
Hi Guys, I'm a bit confused as it seems to me you are agreeing with each other but yet saying different things. Kings says matching on protocol can't be done with static policy NAT and Bruno seems to say it can. I know with some other forms of policy NAT if I try and use an ACL with ports defined

Re: [OSL | CCIE_Security] Static Policy NAT with L4 ACL

2012-07-03 Thread Kingsley Charles
What image are you using? Use 8.0.3 and you will see that it will not be allowed to be configured in the first place. The following error will be thrown.

asa1(config)# static (inside,outside) 20.10.30.40 access-list tel
ERROR: Protocol mismatch between the static and access-list

With regards

Re: [OSL | CCIE_Security] Static Policy NAT with L4 ACL

2012-07-03 Thread Ben Shaw
I'm using 8.0(4)23

ASA1/c1# show version
Cisco Adaptive Security Appliance Software Version 8.0(4)23 context
Device Manager Version 6.1(5)51

I'm not using 8.0(3) but if that error appears on that version I would expect it would appear in 8.0(4) also, considering it is a later version. On Wed,

Re: [OSL | CCIE_Security] Static Policy NAT with L4 ACL

2012-07-03 Thread Kingsley Charles
We need to consider the image used in the CCIE lab.

With regards
Kings

On Tue, Jul 3, 2012 at 8:32 PM, Ben Shaw veeduby...@gmail.com wrote:

I'm using 8.0(4)23

ASA1/c1# show version
Cisco Adaptive Security Appliance Software Version 8.0(4)23 context
Device Manager Version 6.1(5)51

I'm not

Re: [OSL | CCIE_Security] Static Policy NAT with L4 ACL

2012-07-02 Thread Kingsley Charles
The following is incorrect. With static policy rule, you can't use destination port numbers. You can do it only with policy nat (nat/global commands)

access-list acl1 extended permit tcp host 10.1.1.1 host 10.4.4.4 eq telnet
static (inside,outside) 192.168.6.61 acl1

With regards
Kings

On Mon,

Re: [OSL | CCIE_Security] Static Policy NAT with L4 ACL

2012-07-02 Thread Bruno Silva
What Kings is saying is correct, you can only use an access-list matching TCP when you are going to match the protocol on the static translation.

2012/7/2 Kingsley Charles kingsley.char...@gmail.com

The following is incorrect. With static policy rule, you can't use destination port numbers.