Hi Joe, As far as I understand it, the example you are referring to is about policy NAT and you are not limited to use it this way.
Eugene From: [email protected] [mailto:[email protected]] On Behalf Of Joe Astorino Sent: 02 February 2012 10:26 To: OSL Security Subject: [OSL | CCIE_Security] Static NAT Question I am reading the ASA 8.0 configuration guide NAT section, specifically static NAT. It states "You cannot use the same real or mapped address in multiple static commands between the same two interfaces unless you use static PAT." Then a paragraph or few later in the examples of static policy NAT it gives the following example: hostname(config)# access-list NET1 permit ip host 10.1.2.27 209.165.201.0 255.255.255.224 hostname(config)# access-list NET2 permit ip host 10.1.2.27 209.165.200.224 255.255.255.224 hostname(config)# static (inside,outside) 209.165.202.129 access-list NET1 hostname(config)# static (inside,outside) 209.165.202.130 access-list NET2 Am I missing something or does that do what the documentation just said was impossible? They are using the same real address 10.1.2.27 in multiple static commands between the same two interfaces, inside and outside. I understand this example and I know exactly what it does, I just don't get why based on the restriction stated there. -- Regards, Joe Astorino CCIE #24347 Blog: http://astorinonetworks.com "He not busy being born is busy dying" - Dylan
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
