[c-nsp] Trouble in an ASA migration from CheckPoint
Peter Rathlev
peter at rathlev.dk
Mon May 11 08:18:25 EDT 2009
On Mon, 2009-05-11 at 08:35 -0300, Marcelo Zilio wrote:
> I've tryied your suggestion and I got the following:
...
> ciscoasa(config)# static (inside,outside) 80.1.1.1 access-list CONDITION1
> ciscoasa(config)# static (inside,outside) 80.1.1.1 access-list CONDITION2
> ERROR: mapped-address conflict with existing static
> inside:10.1.1.1 to outside:80.1.1.1 netmask 255.255.255.255
...
> In fact, in the config guide you've sent me, it says I cannot do that right
> below. To be honest I have already saw this link.
>
> I was expecting someone somewhere already went through this and could share
> any thoughts in which way was took to resolve this issue.
The PIX/ASA/FWSM line doesn't support translations like that at all. So
it's a no go. Linux can do it. So can *BSD probably. But not PIX based
firewalls.
I haven't thought it through, but you might be able to acheive what you
want with reversed "inside" and "outside" interfaces. I wouldn't be
pretty though. It would be better to use a platform that supports what
you want to do.
Regards,
Peter
More information about the cisco-nsp
mailing list