Hi PJ When we use access-list for port redirection, we can't use destination port rather use source port number as following:
static (outside,inside) tcp 172.8.7.31 23 access-list nat-1 access-list NAT-1 extended permit tcp host 172.8.6.4 eq 23 host 172.8.52.5 If we use don't specify local port, we will get this error: *ERROR: Missing local port in access-list used in static pat* Wih regards Kings On Sun, Jun 20, 2010 at 11:00 PM, Pieter-Jan Nefkens < [email protected]> wrote: > Hi Sumit, > > The access-list specifies a specific protocol (telnet) that should be > matched for the translation, but in your static configuration, you specifiy > the whole ip-address to be translated (so both tcp and udp). And that > doesn't match up. > > The asa can't detemine in a single way what to needs be translated (e.g. > mixing up pat and nat). > > You could better do: > access-list nat-1 permit ip host 172.8.6.4 host 172.8.52.5 > static (outside,inside) 172.8.731 access-list nat-1 > > Or use tcp ports (I think it's possible) and do > static (outside,inside) tcp 172.8.7.31 23 access-list nat-1 > > Pieter-Jan > > > On 20 jun 2010, at 19:14, Sumit Mahla wrote: > > Hello All, > > > > ASA2(config)# access-list NAT-1 extended permit tcp host 172.8.6.4 host > ASA2(config)# access-list NAT-1 extended permit tcp host 172.8.6.4 host > 172.8.52.5 eq 23 > ASA2(config)# sta > ASA2(config)# static (ou,in) 172.8.7.31 acc > ASA2(config)# static (ou,in) 172.8.7.31 access-list NAT-1 > ERROR: Protocol mismatch between the static and access-list > ASA2(config)# > > > > why do i get this error... i am using ASA 8.2.........sometime i do not get > this error... some of my friend do not get this error.... > > Please suggest... > > > Regards > > > ------------------------------ > Chin music and high voltage T20 action on MSN Sports Sign up > now.<http://sports.in.msn.com/cricket/2010t20wc/> > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > > --- > > Nefkens Advies > > Enk 26 > > 4214 DD Vuren > > The Netherlands > > > Tel: +31 183 634730 > > Fax: +31 183 690113 > > Cell: +31 654 323221 > > Email: [email protected] > > Web: http://www.nefkensadvies.nl/ > > Think before you print. > > > > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
