[c-nsp] Trouble in an ASA migration from CheckPoint
Marcelo Zilio
ziliomarcelo at gmail.com
Mon May 11 09:25:02 EDT 2009
Hi Peter,
Thanks for you response.
I'm almost sure that I've tried reverse inside and outside interfaces, but I
will go dobule check. :)
regards,
Marcelo
2009/5/11 Peter Rathlev <peter at rathlev.dk>
> On Mon, 2009-05-11 at 08:35 -0300, Marcelo Zilio wrote:
> > I've tryied your suggestion and I got the following:
> ...
> > ciscoasa(config)# static (inside,outside) 80.1.1.1 access-list CONDITION1
> > ciscoasa(config)# static (inside,outside) 80.1.1.1 access-list CONDITION2
> > ERROR: mapped-address conflict with existing static
> > inside:10.1.1.1 to outside:80.1.1.1 netmask 255.255.255.255
> ...
> > In fact, in the config guide you've sent me, it says I cannot do that
> right
> > below. To be honest I have already saw this link.
> >
> > I was expecting someone somewhere already went through this and could
> share
> > any thoughts in which way was took to resolve this issue.
>
> The PIX/ASA/FWSM line doesn't support translations like that at all. So
> it's a no go. Linux can do it. So can *BSD probably. But not PIX based
> firewalls.
>
> I haven't thought it through, but you might be able to acheive what you
> want with reversed "inside" and "outside" interfaces. I wouldn't be
> pretty though. It would be better to use a platform that supports what
> you want to do.
>
> Regards,
> Peter
>
>
>
>
>
More information about the cisco-nsp
mailing list