Solved: 'static' statements do not appear to have a corresponding access-list

Thomas Reiling · ‎03-26-2011

Does the following WARNING mean that I can remove the static mapping without causing any harm to my production environment?

WARNING: The following 'static' statements do not appear to have a corresponding
'conduit' or 'access-list/access-group' pair:
static (inside,outside) tcp xxx.172.214.193 smtp 10.2.28.3 smtp netmask 255.255.255.255
0 0

Thank you,

Thomas

Federico Coto Fajardo · ‎03-26-2011

Hi,

All it means is that there is no ACL statement for that static NAT in your config.

The reason you get this message is that in order for inbound traffic to work (to your static NAT), the PIX/ASA require an ACL statement permitting the traffic. The ACL is the permission and the static is the translation.

So.... I won't think the static is working anyway in the inbound direction isn't it?

Hope it helps.

Federico.

View solution in original post

Federico Coto Fajardo · ‎03-26-2011

Hi,

All it means is that there is no ACL statement for that static NAT in your config.

The reason you get this message is that in order for inbound traffic to work (to your static NAT), the PIX/ASA require an ACL statement permitting the traffic. The ACL is the permission and the static is the translation.

So.... I won't think the static is working anyway in the inbound direction isn't it?

Hope it helps.

Federico.

Thomas Reiling · ‎03-26-2011

Thanks, Federico!

Thomas

Federico Coto Fajardo · ‎03-26-2011

You're very welcome Thomas, glad I could help ;-)

Federico.