imagine a telnet session is initiated from the outside. asa receives the packet destined for 18.104.22.168 with tcp port 23. asa then looks up the static and forwords the packet to 192.168.1.1. now, the return traffic from 192.168.1.1 received by asa. asa will be confused because asa is not able to determine which static should be used.
further, you may configure the telnet server to listen on multiple port. by default, telnet server listen to tcp port 23. providing the telnet server listen to both tcp port 23 and tcp port 10000, then the issue should be resolved.
e.g. static (inside,outside) tcp 22.214.171.124 23 192.168.1.1 23 netmask 255.255.255.255
Yep, it is possible through policy NAT. However, you can't combine one static and then add a policy NAT. There will still be the 'overlapping' address problem. The solution is to create two policy nats.
My original post was regarding unknown (any) source hosts coming inbound to a host behind the ASA.
Today we were hit with another similar problem only this time we knew all the host addresses (sources inbound from the public side). Policy NAT did work in this case.
We are going to test using 'any' as the source inbound to see if we can resolve the other issue. I think as long as there is not an existing static NAT that would conflict, it is possible.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...