Isn't that "less specific rule first" being allowed and that is why Try 2 works? I'm asking more than telling.

--Hammer--


On 8/4/2010 10:23 AM, Kingsley Charles wrote:
Hi all

If you check out Try 1, I am not able to configure static PAT with 10.20.30.40, as there is a static rule for 10.20.30.40. But if I try in the reverse order, the ASA accepts it. Does that mean static rules are executed in order? Hence with Try 2 the static PAT is matched first and then the static rule is matched, or is it a bug?




*Try 1*

asa(config)# static (inside,outisde) 1.2.3.4 10.20.30.40
asa(config)# static (inside,outisde) tcp 1.2.3.4 telnet 10.20.30.40 telnet ne$
ERROR: mapped-address conflict with existing static
  inside:10.20.30.40 to outisde:1.2.3.4 netmask 255.255.255.255

asa(config)# sh run static
static (inside,outisde) 1.2.3.4 10.20.30.40 netmask 255.255.255.255





*Try 2*


asa(config)# static (inside,outisde) tcp 1.2.3.4 23 10.20.30.40 23
asa(config)# static (inside,outisde) 1.2.3.4 10.20.30.40

asa(config)# sh run static
static (inside,outisde) tcp 1.2.3.4 telnet 10.20.30.40 telnet netmask 255.255.255.255
static (inside,outisde) 1.2.3.4 10.20.30.40 netmask 255.255.255.255



With regards
Kings





_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com
_______________________________________________