Hi, These are both correct behaviour of the ASA.
For the first in basic terms the ASA cant be configured to listen on a port, if it is already listening on that port for another purpose. Hence why the removal of telnet allowed it to function. As for the static to the interface, Im pretty sure this was allowed in earlier versions of code, which may explain why you have came across it in other documentation. Below is the extract form the cmd ref, which states the interface cmd must be used. *interface* Uses the interface IP address as the mapped address. Use this keyword if you want to use the interface address, but the address is dynamically assigned using DHCP. *Note *You must use the *interface* keyword instead of specifying the actual IP address when you want to include the IP address of an interface in a static PAT entry. HTH Stu 2009/8/29 Dnyaneshwar Gore <[email protected]> > Hi All, > > 1. I want to configure static port redirection for telnet traffic so that > any host tries to telnet outside interface of ASA then it will go to inside > host (router) connected to inside interface. > > While I am configuring this by "static (inside,outside) tcp interface > telnet 136.1.121.13 telnet" command it gives me error "ERROR: unable to > reserve port 23 for static PAT > ERROR: unable to download policy". > > After looking the configuration I found that "telnet 0 0 outside" is > configured. And when I removed this telnet command, ASA accepts above static > pat command without any error. > > Is this behaviour correct? > > 2. Another behaviour is that ASA does not allow to use interface ip > address when configuring static PAT using interface. It forces to use > "interface" keyword. The error is "ERROR: Static PAT using the interface > requires the use of the 'interface' keyword instead of the interface IP > address". But same is not mentioned in configuration guide. In fact they > have shown examples with interface ip address in config guide. > I am getting confuse on this. > > Kindly explain above behaviour. > > > Thanks & Regards > D.M.Gore > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
