Careful with that "feature" word. :) I'm on CCO right now but this is
kinda hard to confirm. I'll follow up soon.
--Hammer--
On 8/4/2010 10:29 AM, Kingsley Charles wrote:
I am also thinking on the same line. Just wanted to confirm, if it's a
feature?
With regards
Kings
On Wed, Aug 4, 2010 at 8:57 PM, --Hammer-- <[email protected]
<mailto:[email protected]>> wrote:
Isn't that "less specific rule first" being allowed and that is
why Try 2 works? I'm asking more than telling.
--Hammer--
On 8/4/2010 10:23 AM, Kingsley Charles wrote:
Hi all
If you check out the Try 1, I am not able to static PAT with
10.20.30.40 as there is a static rule for with 10.20.30.40. But
if I try in the reverse order ASA accepts.
Does that mean static rules are executed in order? Hence with Try
2 the static PAT is matched first and then static rule is matched
or is it a bug?
*Try 1*
asa(config)# static (inside,outisde) 1.2.3.4 10.20.30.40
asa(config)# static (inside,outisde) tcp 1.2.3.4 telnet
10.20.30.40 telnet ne$
ERROR: mapped-address conflict with existing static
inside:10.20.30.40 to outisde:1.2.3.4 netmask 255.255.255.255
asa(config)# sh run static
static (inside,outisde) 1.2.3.4 10.20.30.40 netmask 255.255.255.255
*Try 2*
asa(config)# static (inside,outisde) tcp 1.2.3.4 23 10.20.30.40 23
asa(config)# static (inside,outisde) 1.2.3.4 10.20.30.40
asa(config)# sh run static
static (inside,outisde) tcp 1.2.3.4 telnet 10.20.30.40 telnet
netmask 255.255.255.255
static (inside,outisde) 1.2.3.4 10.20.30.40 netmask 255.255.255.255
With regards
Kings
With regards
Kings
_______________________________________________
For more information regarding industry leading CCIE Lab training, please
visitwww.ipexpert.com <http://www.ipexpert.com>
_______________________________________________
For more information regarding industry leading CCIE Lab training,
please visit www.ipexpert.com <http://www.ipexpert.com>
_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit
www.ipexpert.com
