[c-nsp] NAT and PAT on ASA

Tony Varriale tvarriale at comcast.net
Wed Jul 22 11:28:26 EDT 2009


Your inability to see any value is...again...your opinion.  In fact, it's 
sort of ironic.

Best practices should be taught correctly especially to people with little 
or no experience (the original poster, not Ryan).  Once they understand how 
Cisco implements features and the gotchas, then they can continue on how 
they would like.

I gave Ryan an FYI about the ACL directions since I do not a) know Ryan b) 
know his skill/knowledge level c) make any assumptions.

Reread my original response.  You'll see words like "recommend".

If offering a little insight/assistance on a public list/forum isn't value, 
I'm not sure what you think it is.

tv
----- Original Message ----- 
From: "Binh Phan" <binh.l.phan at gmail.com>
To: "Tony Varriale" <tvarriale at comcast.net>
Cc: <cisco-nsp at puck.nether.net>
Sent: Tuesday, July 21, 2009 11:49 PM
Subject: Re: [c-nsp] NAT and PAT on ASA


> The original user was asking for assistance on what would be the right 
> configuration specific to his scenario which was a host static NAT and 
> Ryan simply provided that.
> I simply saw what you stated was not adding any value to the  discussion 
> other than what seemed to be fault finding, as adding  netmask in this 
> case, OR NOT makes absolutely no difference. Maybe I  read it wrong and if 
> so I apologize.
> Agree, best practices are important but it's irrelevant in this  context 
> or discussion, IMO.
> --Binh
> On Jul 21, 2009, at 9:37 PM, Tony Varriale wrote:
>
>> You pointed out, to me, on how to complete a command.  I don't need 
>> assistance with that.
>>
>> I pointed out that it is best to offer people that are newer to  Cisco 
>> and/or a specific platform best practices (for many reasons).
>>
>> Here's an example from my home ASA on why best practices...are best 
>> practices:
>>
>> homepix(config)# static (inside,outside) 58.66.76.88 192.168.0.100
>> homepix(config)# sh run static
>> static (inside,outside) 58.66.76.88 192.168.0.100 netmask 
>> 255.255.255.255
>> homepix(config)# static (inside,outside) 172.16.0.0 172.16.0.0
>> homepix(config)# sh run static
>> static (inside,outside) 58.66.76.88 192.168.0.100 netmask 
>> 255.255.255.255
>> static (inside,outside) 172.16.0.0 172.16.0.0 netmask 255.255.0.0
>>
>> If you think that's arrogance, that's your opinion.
>>
>> tv
>> ----- Original Message ----- From: "Binh Phan" <binh.l.phan at gmail.com>
>> To: "Tony Varriale" <tvarriale at comcast.net>
>> Cc: <cisco-nsp at puck.nether.net>
>> Sent: Tuesday, July 21, 2009 11:26 PM
>> Subject: Re: [c-nsp] NAT and PAT on ASA
>>
>>
>>> Wow! Arrogance at its best ;-)
>>> Sure been around Cisco long enough and infact been _IN_ Cisco long 
>>> enough..
>>> but I simply wanted to point out the fact that it was uneccessary  what 
>>> you pointed out. No offense!!
>>> On Jul 21, 2009, at 9:18 PM, Tony Varriale wrote:
>>>
>>>> If you haven't been around Cisco long enough to know not to  assume, 
>>>> then be my guest.
>>>>
>>>> But, that's poor advice to offer a person that is somewhat new  (or 
>>>> new) to Cisco.  That's how bad habits start.
>>>>
>>>> tv
>>>> ----- Original Message ----- From: "Binh Phan" <binh.l.phan at gmail.com
>>>> >
>>>> To: "Tony Varriale" <tvarriale at comcast.net>
>>>> Cc: <cisco-nsp at puck.nether.net>
>>>> Sent: Tuesday, July 21, 2009 11:10 PM
>>>> Subject: Re: [c-nsp] NAT and PAT on ASA
>>>>
>>>>
>>>>>
>>>>> On Jul 21, 2009, at 7:42 PM, Tony Varriale wrote:
>>>>>
>>>>>> I would recommend completing your static with the appropriate 
>>>>>> netmask.
>>>>> >>You do not need to specify netmask in this case since it's a /32
>>>>> and will be auto-completed when you enter the command in CLI.
>>>>
>>>> _______________________________________________
>>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>
>> _______________________________________________
>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 



More information about the cisco-nsp mailing list