I am also thinking on the same line. Just wanted to confirm, if it's a feature?
With regards Kings On Wed, Aug 4, 2010 at 8:57 PM, --Hammer-- <[email protected]> wrote: > Isn't that "less specific rule first" being allowed and that is why Try 2 > works? I'm asking more than telling. > > --Hammer-- > > > On 8/4/2010 10:23 AM, Kingsley Charles wrote: > > Hi all > > If you check out the Try 1, I am not able to static PAT with 10.20.30.40 as > there is a static rule for with 10.20.30.40. But if I try in the reverse > order ASA accepts. > Does that mean static rules are executed in order? Hence with Try 2 the > static PAT is matched first and then static rule is matched or is it a bug? > > > > > *Try 1* > > asa(config)# static (inside,outisde) 1.2.3.4 10.20.30.40 > asa(config)# static (inside,outisde) tcp 1.2.3.4 telnet 10.20.30.40 telnet > ne$ > ERROR: mapped-address conflict with existing static > inside:10.20.30.40 to outisde:1.2.3.4 netmask 255.255.255.255 > > asa(config)# sh run static > static (inside,outisde) 1.2.3.4 10.20.30.40 netmask 255.255.255.255 > > > > > > *Try 2* > > > asa(config)# static (inside,outisde) tcp 1.2.3.4 23 10.20.30.40 23 > asa(config)# static (inside,outisde) 1.2.3.4 10.20.30.40 > > asa(config)# sh run static > static (inside,outisde) tcp 1.2.3.4 telnet 10.20.30.40 telnet netmask > 255.255.255.255 > static (inside,outisde) 1.2.3.4 10.20.30.40 netmask 255.255.255.255 > > > > With regards > Kings > > > > With regards > Kings > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > > > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
