Tarik, I added the ACL on the outside interface just like this one:
access-list outside extended permit tcp any host 177.177.177.177 eq telnet

Using the Telnet 0 0 outside is not enable Telnet to the ASA itself. When talking about the Firewall, there are two types of traffic: one is called NP (or to-the-box traffic) and the other one is the passing through. The telnet command only works for traffic that goes to the box and not through it.

When there is a NAT statement, and based on the order of operation of NAT, the untranslation is done first and then the packet is routed to its destination.

Here is my NAT:

nat (DMZ1,outside) source static obj-177.177.177.177 interface service TELNET TELNET

Hope it's a bit clear.

Mike.

Date: Tue, 28 May 2013 17:44:57 -0700
From: [email protected]
To: [email protected]
Subject: [OSL | CCIE_Security] WB1 Lab 4 Task 20

Hi,

The following section involves configuring static PAT on ASA-1 so that all telnet requests to the outside interface on the ASA are redirected to a loopback on R7. After cross-referencing the DSG, I had to add an ACL which would allow telnet traffic to the outside interface so that it can be redirected to R7's loopback. The DSG doesn't mention this but then goes through the verification steps.

I tried to enable telnet access (telnet 0 0 outside); however, the static PAT would fail to download policy. I just wanted to make sure that this is the proper approach and that I am not doing this incorrectly.

Thanks,
Tarik

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
