https://community.cisco.com/t5/network-security/asa-8-x-to-9-2-convert-nat-with-ports-tcp-udp/m-p/3835616#M28602 Hi<BR /><BR />Values associated with tcp and udp are max connections for the local-host with embryonic connections.<BR />You can manage this on a policy-map. This isn't on a nat configuration anymore.<BR /><BR />The config you posted will be translated into the following commands:<BR /><BR />object network Mail_Server<BR /> subnet x.x.x.x 255.255.255.224<BR />!<BR />object network dmz.srv.Mail<BR /> host x.x.x.x<BR />nat (dmz,outside) after-auto source dynamic dmz.srv.Mail Mail_Server<BR /><BR />However i believe your internal mail server is natted to 1 public ip and nat command should be the following instead of the previous one:<BR /><BR />object network Mail_Server<BR /> host x.x.x.x<BR />!<BR />object network dmz.srv.Mail<BR /> host x.x.x.x<BR /> nat (dmz,outside) static Mail_Server<BR /><BR />In this case the nat is done under the group object dmz.srv.Mail<BR /><BR /><BR /><BR /><BR /><BR /> Wed, 10 Apr 2019 03:59:14 GMT Francesco Molino 2019-04-10T03:59:14Z https://community.cisco.com/t5/network-security/asa-8-x-to-9-2-convert-nat-with-ports-tcp-udp/m-p/3835316#M28601 <P>Hello Everyone,</P><P>&nbsp;</P><P>I have a doubt about a nat rule from an old ASA to a new one</P><P>&nbsp;</P><P>There is a NAT rule that i really don´t understand (I am a beginner in security)</P><P>&nbsp;</P><P>global (outside) 110 Mail_Server netmask 255.255.255.224</P><P>nat (dmz) 110 dmz.srv.Mail 255.255.255.255 tcp 500 100 udp 50</P><P>&nbsp;</P><P>what i can barely understand is that traffic coming from the dmz is translated to the IP range at the outside using the ports TCP 500, 100 and udp 50 right?</P><P>&nbsp;</P><P>I am undestanding ok?</P><P>and, then, how can i translate to the version 9.2?</P><P>&nbsp;</P><P>I really really will appreciate your help!</P><P>&nbsp;</P><P>Thanks in Advance!</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 09 Apr 2019 18:42:43 GMT https://community.cisco.com/t5/network-security/asa-8-x-to-9-2-convert-nat-with-ports-tcp-udp/m-p/3835316#M28601 rgutierrez15 2019-04-09T18:42:43Z https://community.cisco.com/t5/network-security/asa-8-x-to-9-2-convert-nat-with-ports-tcp-udp/m-p/3835616#M28602 Hi<BR /><BR />Values associated with tcp and udp are max connections for the local-host with embryonic connections.<BR />You can manage this on a policy-map. This isn't on a nat configuration anymore.<BR /><BR />The config you posted will be translated into the following commands:<BR /><BR />object network Mail_Server<BR /> subnet x.x.x.x 255.255.255.224<BR />!<BR />object network dmz.srv.Mail<BR /> host x.x.x.x<BR />nat (dmz,outside) after-auto source dynamic dmz.srv.Mail Mail_Server<BR /><BR />However i believe your internal mail server is natted to 1 public ip and nat command should be the following instead of the previous one:<BR /><BR />object network Mail_Server<BR /> host x.x.x.x<BR />!<BR />object network dmz.srv.Mail<BR /> host x.x.x.x<BR /> nat (dmz,outside) static Mail_Server<BR /><BR />In this case the nat is done under the group object dmz.srv.Mail<BR /><BR /><BR /><BR /><BR /><BR /> Wed, 10 Apr 2019 03:59:14 GMT https://community.cisco.com/t5/network-security/asa-8-x-to-9-2-convert-nat-with-ports-tcp-udp/m-p/3835616#M28602 Francesco Molino 2019-04-10T03:59:14Z