Yeah, since I was already familiar with 8.2 I did both in 8.4. The ACL should have the keyword "interface" and port 23...

The NAT I think it was not a problem for you... My bad...

Sent from my iPhone

On May 28, 2013, at 11:24 PM, "Tarik Admani" <[email protected]> wrote:

> Thanks guys for the update,
>
> Mike your ACL seems to be for version 8.3 and above, the lab I am working on has my firewall at pre 8.2 hence the ACL to the translated and not real IP address.
>
> Thanks,
> Tarik Admani
>
> From: Mike Rojas <[email protected]>
> To: Tarik Admani <[email protected]>; IPX Forums <[email protected]>
> Sent: Tuesday, May 28, 2013 11:13 PM
> Subject: RE: [OSL | CCIE_Security] WB1 Lab 4 Task 20
>
> Tarik,
>
> I added the ACL on the outside interface just like this one:
>
> access-list outside extended permit tcp any host 177.177.177.177 eq telnet
>
> Using the Telnet 0 0 outside is not enable Telnet to the ASA itself. When talking about the Firewall, there are two types of traffic, one is called NP (or to the box traffic) and the other one is the passing through. The telnet command only works for traffic that goes to the box and not through it.
>
> When there is a NAT statement and based on the order of operation of NAT, the Untranslation is done first and then the packet is routed to its destination.
>
> Here is my NAT
>
> nat (DMZ1,outside) source static obj-177.177.177.177 interface service TELNET TELNET
>
> Hope it's a bit clear.
>
> Mike.
>
> Date: Tue, 28 May 2013 17:44:57 -0700
> From: [email protected]
> To: [email protected]
> Subject: [OSL | CCIE_Security] WB1 Lab 4 Task 20
>
> Hi,
>
> The following section involves configuring static PAT on ASA-1 so that all telnet requests to the outside interface on the ASA are redirected to a loopback on R7.
>
> After cross-referencing the DSG I had to add an ACL which would allow telnet traffic to the outside interface so that it can be redirected to R7's loopback.
>
> The DSG doesn't mention this but then goes through the verification steps. I tried to enable telnet access (telnet 0 0 outside), however the static PAT would fail to download policy.
>
> I just wanted to make sure if that is the proper approach and that I am not doing this incorrectly.
>
> Thanks,
> Tarik
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
> Are you a CCNP or CCIE and looking for a job? Check out www.PlatinumPlacement.com
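The version difference discussed in the thread, side by side, as an added example that is not part of any message above or of the workbook's solution: the same interface static PAT for Telnet written for ASA 8.2 and earlier, where the outside ACL matches the translated address, and for 8.3 and later, where it matches the real address. The interface names, 177.177.177.177 and the `TELNET` object name come from Mike's message; the object definitions, the `access-group` lines, the 8.2-style `static` line and the packet-tracer values are assumptions.

```cisco
! Added example; see the assumptions listed in the lead-in.
! Neither variant configures "telnet 0 0 outside": that command covers
! to-the-box traffic only, and the original poster reports the static
! PAT failing to install while it was present.
!
! --- ASA 8.2 and earlier ---------------------------------------------
! NAT is untranslated after the interface ACL is checked, so the ACL
! permits the mapped (translated) address: the outside interface, port 23.
static (DMZ1,outside) tcp interface telnet 177.177.177.177 telnet netmask 255.255.255.255
access-list outside extended permit tcp any interface outside eq telnet
access-group outside in interface outside
!
! --- ASA 8.3 and later -----------------------------------------------
! Untranslation happens first, so the ACL permits the real address of
! the host behind the firewall.
object network obj-177.177.177.177
 host 177.177.177.177
object service TELNET
 service tcp source eq telnet
nat (DMZ1,outside) source static obj-177.177.177.177 interface service TELNET TELNET
access-list outside extended permit tcp any host 177.177.177.177 eq telnet
access-group outside in interface outside
!
! --- Verification on either version (exec mode) ----------------------
! 198.51.100.10 is a constructed test source; replace <ASA-outside-IP>
! with the address of the outside interface, which the thread does not give.
show xlate
show access-list outside
packet-tracer input outside tcp 198.51.100.10 1025 <ASA-outside-IP> 23
```

In the packet-tracer output, the UN-NAT and ACCESS-LIST phases show which address the ACL was evaluated against on the running version.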
