Re: [OSL | CCIE_Security] [SOLVED] ASA NAC - no response from CTAEAPoUDP

Sun, 15 May 2011 05:49:13 -0700 

Thanks so much to all of you.


Best Regards.
______________________
Adil 

On May 15, 2011, at 12:16 AM, Kingsley Charles wrote:

> You are trying static PAT, so the access-list needs a corresponding source 
> port. But originally, your access-list had destination port.
> 
> 
> With regards
> Kings
> 
> On Sun, May 15, 2011 at 12:35 AM, Adil Pasha <[email protected]> wrote:
> Thanks Meytal,
> 
> Could you please let me know the reason?
> 
> 
> Best Regards.
> ______________________
> Adil 
> 
> On May 14, 2011, at 2:42 PM, Meytal Mizrahi wrote:
> 
>> Hi Adil,
>>  
>> your access-list in incorrect, try:
>> access-list R1l0-R4l0 extended permit tcp host 10.1.1.1 eq telnet host 
>> 10.4.4.4 
>> Regards,
>> Meytal
>>  
>> מאת: [email protected] בשם Adil Pasha
>> נשלח: ש 14/05/2011 17:20
>> אל: CCIE Security Maillist
>> נושא: Re: [OSL | CCIE_Security] [SOLVED] ASA NAC - no response from 
>> CTAEAPoUDP
>> 
>> Could you please let me know what is the reason that I am getting the 
>> mismatch error message?
>> 
>> I spend enough time on Google and read ASA Config Guide but could not get 
>> the answer.
>> 
>> Thanks in advance.
>> 
>> When I configure the ASA policy based NAT without any port and use 'permit 
>> ip' in the ACL the static command works.
>> 
>> ASA1/c1(config)#  access-list R1l0-R4l0 per ip ho 10.1.1.1 ho 10.4.4.4  
>> ASA1/c1(config)# static (inside,outside) 192.168.6.61 access-list R1l0-R4l0
>> 
>> When I use 'permit tcp' and add the port 'telnet' to it I get the error 
>> message.
>> 
>> access-list R1l0-R4l0 extended permit tcp host 10.1.1.1 host 10.4.4.4 eq 
>> telnet
>> ASA1/c1(config)# static (inside,outside) 192.168.6.61 access-list R1l0-R4l0
>> ERROR: Protocol mismatch between the static and access-list
>> ASA1/c1(config)#
>> 
>> 
>> Best Regards.
>> ______________________
>> Adil 
>> 
> 
> 
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please 
> visit www.ipexpert.com
> 
> Are you a CCNP or CCIE and looking for a job? Check out 
> www.PlatinumPlacement.com
> 


_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Are you a CCNP or CCIE and looking for a job? Check out 
www.PlatinumPlacement.com

Reply via email to