Re: [OSL | CCIE_Security] Static policy nat

[Sumit Mahla]

Hello Pieter,

 

 

Thanks...

 

But have you tried this with different ASA version ? i mean 8.0 and 8.2 both ?

 

in 8.2 it always gives me error... but i practiced theis lab on a differen rack 
rental vendor and i did not got an error...

 

 

Regards


 


Subject: Re: [OSL | CCIE_Security] Static policy nat
From: pjnefk...@nefkensadvies.nl
Date: Sun, 20 Jun 2010 19:30:39 +0200
CC: ccie_security@onlinestudylist.com
To: sumitma...@hotmail.com

Hi Sumit,


The access-list specifies a specific protocol (telnet) that should be matched 
for the translation, but in your static configuration, you specifiy the whole 
ip-address to be translated (so both tcp and udp). And that doesn't match up.


The asa can't detemine in a single way what to needs be translated (e.g. mixing 
up pat and nat).


You could better do:
access-list nat-1 permit ip host 172.8.6.4 host 172.8.52.5
static (outside,inside) 172.8.731 access-list nat-1


Or use tcp ports (I think it's possible) and do
static (outside,inside) tcp 172.8.7.31 23 access-list nat-1


Pieter-Jan






On 20 jun 2010, at 19:14, Sumit Mahla wrote:

Hello All,
 
 
 
ASA2(config)# access-list NAT-1 extended permit tcp host 172.8.6.4 host
ASA2(config)# access-list NAT-1 extended permit tcp host 172.8.6.4 host 
172.8.52.5 eq 23
ASA2(config)# sta
ASA2(config)# static (ou,in) 172.8.7.31 acc
ASA2(config)# static (ou,in) 172.8.7.31 access-list NAT-1
ERROR: Protocol mismatch between the static and access-list
ASA2(config)#

 
 
why do i get this error... i am using ASA 8.2.........sometime i do not get 
this error... some of my friend do not get this error....
 
Please suggest...
 
 
Regards
 



Chin music and high voltage T20 action on MSN Sports Sign up now. 
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com




---
Nefkens Advies
Enk 26
4214 DD Vuren
The Netherlands


Tel: +31 183 634730
Fax: +31 183 690113
Cell: +31 654 323221
Email: pjnefk...@nefkensadvies.nl
Web: http://www.nefkensadvies.nl/

 Think before you print.


                                          
_________________________________________________________________
See the news as it happens on MSN videos
http://video.in.msn.com/

<<attachment: green.gif>>

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com