Stuart this should work fine. I believe it is shown in the verification for it working. Did you enable SSH for the ASA on the outside using
Ssh permit x.x.x.x x.x.x.x outside as Dave is asking below? Regards, Tyson Scott - CCIE #13513 R&S and Security Technical Instructor - IPexpert, Inc. Telephone: +1.810.326.1444 Cell: +1.248.504.7309 Fax: +1.810.454.0130 Mailto: [email protected] Join our free online support and peer group communities: <http://www.IPexpert.com/communities> http://www.IPexpert.com/communities IPexpert - The Global Leader in Self-Study, Classroom-Based, Video On Demand and Audio Certification Training Tools for the Cisco CCIE R&S Lab, CCIE Security Lab, CCIE Service Provider Lab , CCIE Voice Lab and CCIE Storage Lab Certifications. From: [email protected] [mailto:[email protected]] On Behalf Of Stuart Hare Sent: Thursday, May 14, 2009 1:34 PM Cc: Cisco certification; OSL Security Subject: Re: [OSL | CCIE_Security] LAB1B - ASA Static PAT Error Great! apparently this is on the resolved caveat list for ASA 8.0(4). Evidently this is not the case =) http://www.cisco.com/en/US/docs/security/asa/asa80/release/notes/arn804n.htm l On Thu, May 14, 2009 at 6:01 PM, Dave Craddock <[email protected]> wrote: do you have ssh on the outside as you are using the interface and this is the asa's ssh address ? ________________________________ From: [email protected] on behalf of Stuart Hare Sent: Thu 14/05/2009 18:07 To: OSL Security; Cisco certification Subject: [OSL | CCIE_Security] LAB1B - ASA Static PAT Error Has anyone come across the following error when using static PAT. asa(config)# static (DMZ7,outside) tcp interface ssh 10.7.7.7 ssh netmask 255.255.255.255 ERROR: unable to reserve port 22 for static PAT ERROR: unable to download policy Other static PAT statements are in and working correctly. static (DMZ8,outside) tcp 192.1.24.8 www 10.8.8.8 www netmask 255.255.255.255 static (DMZ8,outside) tcp 192.1.24.8 telnet 10.8.8.8 telnet netmask 255.255.255.255 static (DMZ8,outside) tcp 192.1.24.8 8080 8.8.8.8 www netmask 255.255.255.255 static (DMZ7,outside) tcp interface https 10.7.7.7 https netmask 255.255.255.255 Not came across this before, any ideas? Stu -- Stuart Hare [email protected] -- Stuart Hare [email protected]
