The ASA config guide under the Configuring NAT->Configuring static PAT gives a good feel for how it used.
The key to understanding static NAT is not to relate to it as Inside->Outside or High Sec Level -> Low Sec Level and also keep in mind static NAT is bidirectional. Rather relate to it in terms of static (<src iface> , <dest iface>) <dest addr> <src addr> e.g if a pkt hits the intf marked dest iface and its dest addr matches then replace the dest addr with the src addr (in your use case this is the incoming leg) if a pkt hits the intf marked src iface and its src addr matches then replace the src add with the dest addr (in your use case this the outgoing/reply leg) Ensure your inbound ACL on the outside interface permits incoming telnet connections. Once you done this, understand the processing of the static NAT becomes self explanatory when you look at the output of packet-tracer input outside tcp 136.1.122.99 2050 <asa out intf ip> 23 - R Shenai
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
