Re: [OSL | CCIE_Security] [SOLVED] ASA NAC - no response from CTAEAPoUDP

Sat, 14 May 2011 21:44:16 -0700 

You are trying static PAT, so the access-list needs a corresponding source
port. But originally, your access-list had destination port.


With regards
Kings

On Sun, May 15, 2011 at 12:35 AM, Adil Pasha <[email protected]> wrote:

> Thanks Meytal,
>
> Could you please let me know the reason?
>
>
> Best Regards.
> ______________________
> Adil
>
> On May 14, 2011, at 2:42 PM, Meytal Mizrahi wrote:
>
> Hi Adil,
>
> your access-list in incorrect, try:
>  access-list R1l0-R4l0 extended permit tcp host 10.1.1.1 eq telnet host
> 10.4.4.4
> Regards,
> Meytal
>
>  ------------------------------
>  *מאת:* [email protected] בשם Adil Pasha
> *נשלח:* ש 14/05/2011 17:20
> *אל:* CCIE Security Maillist
> *נושא:* Re: [OSL | CCIE_Security] [SOLVED] ASA NAC - no response from
> CTAEAPoUDP
>
> Could you please let me know what is the reason that I am getting the
> mismatch error message?
>
> I spend enough time on Google and read ASA Config Guide but could not get
> the answer.
>
> Thanks in advance.
>
> When I configure the ASA policy based NAT without any port and use 'permit
> ip' in the ACL the static command works.
>
> ASA1/c1(config)#  access-list R1l0-R4l0 per ip ho 10.1.1.1 ho 10.4.4.4
> ASA1/c1(config)# static (inside,outside) 192.168.6.61 access-list R1l0-R4l0
>
> When I use 'permit tcp' and add the port 'telnet' to it I get the error
> message.
>
> access-list R1l0-R4l0 extended permit tcp host 10.1.1.1 host 10.4.4.4 eq
> telnet
> ASA1/c1(config)# static (inside,outside) 192.168.6.61 access-list R1l0-R4l0
> ERROR: Protocol mismatch between the static and access-list
> ASA1/c1(config)#
>
>
> Best Regards.
>  ______________________
>   Adil
>
>
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
> Are you a CCNP or CCIE and looking for a job? Check out
> www.PlatinumPlacement.com
>

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com

Reply via email to