Stuart,
It is a resolved caveat. It will work fine as long as the ASA itself is not listening on the port. If the asa is listening on the port then it is unable to PAT to something else. That is why we break it in lab B. J Regards, Tyson Scott - CCIE #13513 R&S and Security Technical Instructor - IPexpert, Inc. Telephone: +1.810.326.1444 Cell: +1.248.504.7309 Fax: +1.810.454.0130 Mailto: [email protected] Join our free online support and peer group communities: <http://www.IPexpert.com/communities> http://www.IPexpert.com/communities IPexpert - The Global Leader in Self-Study, Classroom-Based, Video On Demand and Audio Certification Training Tools for the Cisco CCIE R&S Lab, CCIE Security Lab, CCIE Service Provider Lab , CCIE Voice Lab and CCIE Storage Lab Certifications. From: Stuart Hare [mailto:[email protected]] Sent: Thursday, May 14, 2009 4:09 PM To: Tyson Scott Cc: Cisco certification; OSL Security Subject: Re: [OSL | CCIE_Security] LAB1B - ASA Static PAT Error It was enabled on the outside interface incorrectly as part of the 1B troubleshooting lab. I was thinking this was strange especially considering I did the 1A lab last saturday with no issues. Strange how they have this as a resolved caveat in the release notes for 8.0(4) code though. Cheers Stu On Thu, May 14, 2009 at 8:09 PM, Tyson Scott <[email protected]> wrote: Sorry if you do have it enabled it should be disabled. Regards, Tyson Scott - CCIE #13513 R&S and Security Technical Instructor - IPexpert, Inc. Telephone: +1.810.326.1444 Cell: +1.248.504.7309 Fax: +1.810.454.0130 Mailto: [email protected] Join our free online support and peer group communities: <http://www.ipexpert.com/communities> http://www.IPexpert.com/communities IPexpert - The Global Leader in Self-Study, Classroom-Based, Video On Demand and Audio Certification Training Tools for the Cisco CCIE R&S Lab, CCIE Security Lab, CCIE Service Provider Lab , CCIE Voice Lab and CCIE Storage Lab Certifications. From: [email protected] [mailto:[email protected]] On Behalf Of Stuart Hare Sent: Thursday, May 14, 2009 1:34 PM Cc: Cisco certification; OSL Security Subject: Re: [OSL | CCIE_Security] LAB1B - ASA Static PAT Error Great! apparently this is on the resolved caveat list for ASA 8.0(4). Evidently this is not the case =) http://www.cisco.com/en/US/docs/security/asa/asa80/release/notes/arn804n.htm l On Thu, May 14, 2009 at 6:01 PM, Dave Craddock <[email protected]> wrote: do you have ssh on the outside as you are using the interface and this is the asa's ssh address ? ________________________________ From: [email protected] on behalf of Stuart Hare Sent: Thu 14/05/2009 18:07 To: OSL Security; Cisco certification Subject: [OSL | CCIE_Security] LAB1B - ASA Static PAT Error Has anyone come across the following error when using static PAT. asa(config)# static (DMZ7,outside) tcp interface ssh 10.7.7.7 ssh netmask 255.255.255.255 ERROR: unable to reserve port 22 for static PAT ERROR: unable to download policy Other static PAT statements are in and working correctly. static (DMZ8,outside) tcp 192.1.24.8 www 10.8.8.8 www netmask 255.255.255.255 static (DMZ8,outside) tcp 192.1.24.8 telnet 10.8.8.8 telnet netmask 255.255.255.255 static (DMZ8,outside) tcp 192.1.24.8 8080 8.8.8.8 www netmask 255.255.255.255 static (DMZ7,outside) tcp interface https 10.7.7.7 https netmask 255.255.255.255 Not came across this before, any ideas? Stu -- Stuart Hare [email protected] -- Stuart Hare [email protected] -- Stuart Hare [email protected]
