https://community.cisco.com/t5/network-security/asa-8-3-migration-changes-hosts-to-objects/m-p/2063128#M398836 <HTML><HEAD></HEAD><BODY><P>Yes, you are right. The host that has a "name" entry gets migrated to object.</P><P></P><P>Here is the URL for your reference:</P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/asa83/upgrading/migrating.html#wp106362">http://www.cisco.com/en/US/docs/security/asa/asa83/upgrading/migrating.html#wp106362</A></P><P></P><P>Here is the full migration document to version 8.3 and above for your reference:</P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/asa83/upgrading/migrating.html">http://www.cisco.com/en/US/docs/security/asa/asa83/upgrading/migrating.html</A></P></BODY></HTML> Thu, 27 Sep 2012 14:58:51 GMT Jennifer Halim 2012-09-27T14:58:51Z https://community.cisco.com/t5/network-security/asa-8-3-migration-changes-hosts-to-objects/m-p/2063125#M398833 <P>I'm testing upgrading an ASA from 8.2.5 to 8.4.4.&nbsp; During the the upgrade, it change all of my ACL host entries to objects.&nbsp; But I noticed that the keyword "host" is still a valid option when creating an ACL.</P><P></P><P>I'm trying to understand why this change is made during the migration.</P><P></P><P>Thank you.</P><P></P><P>Jason</P> Mon, 11 Mar 2019 23:58:52 GMT https://community.cisco.com/t5/network-security/asa-8-3-migration-changes-hosts-to-objects/m-p/2063125#M398833 jason.williams 2019-03-11T23:58:52Z https://community.cisco.com/t5/network-security/asa-8-3-migration-changes-hosts-to-objects/m-p/2063126#M398834 <HTML><HEAD></HEAD><BODY><P>From ASA 8.3 onwards, ACL applied to the outside interface for example the destination no longer use the mapped/translated address but the real address.</P><P></P><P>For example:</P><P>If you have NAT for an internal host to a public IP, with version 8.2 and lower, the ACL applied to the outside interface will say something like: permit tcp any host <PUBLICIP> eq 80</PUBLICIP></P><P></P><P>From version 8.3 onwards, the ACL will say: permit tcp any host <PRIVATEIP> eq 80</PRIVATEIP></P><P></P><P>All the NAT configuration also changes from version 8.3 onwards.</P><P></P><P>Here are all the changes from version 8.3 onwards (major changes being the NAT configuration and also ACL):</P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html#wp432043">http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html#wp432043</A></P><P></P><P>Hope that answers your question.</P></BODY></HTML> Tue, 25 Sep 2012 20:59:20 GMT https://community.cisco.com/t5/network-security/asa-8-3-migration-changes-hosts-to-objects/m-p/2063126#M398834 Jennifer Halim 2012-09-25T20:59:20Z https://community.cisco.com/t5/network-security/asa-8-3-migration-changes-hosts-to-objects/m-p/2063127#M398835 <HTML><HEAD></HEAD><BODY><P>This has nothing to do with NAT rules.&nbsp; These were changes made to standard access-list rules.</P><P></P><P>Previously, it looked like this:</P><P></P><P>access-list acl_name extended permit tcp object-group obj_group_name host SERVER1 eq www</P><P></P><P>Now I get this:</P><P></P><P>object network SERVER1</P><P> host 1.1.1.1</P><P> description Created during name migration</P><P></P><P> access-list acl_name extended permit tcp object-group obj_group_name object SERVER1 eq www</P><P></P><P></P><P>Also, I noticed that it only did this if we had a name entry for the host.&nbsp; If the ACL included a "host 10.10.10.10", then that ACL was unchanged.</P></BODY></HTML> Wed, 26 Sep 2012 12:30:56 GMT https://community.cisco.com/t5/network-security/asa-8-3-migration-changes-hosts-to-objects/m-p/2063127#M398835 jason.williams 2012-09-26T12:30:56Z https://community.cisco.com/t5/network-security/asa-8-3-migration-changes-hosts-to-objects/m-p/2063128#M398836 <HTML><HEAD></HEAD><BODY><P>Yes, you are right. The host that has a "name" entry gets migrated to object.</P><P></P><P>Here is the URL for your reference:</P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/asa83/upgrading/migrating.html#wp106362">http://www.cisco.com/en/US/docs/security/asa/asa83/upgrading/migrating.html#wp106362</A></P><P></P><P>Here is the full migration document to version 8.3 and above for your reference:</P><P><A class="jive-link-external-small" href="http://www.cisco.com/en/US/docs/security/asa/asa83/upgrading/migrating.html">http://www.cisco.com/en/US/docs/security/asa/asa83/upgrading/migrating.html</A></P></BODY></HTML> Thu, 27 Sep 2012 14:58:51 GMT https://community.cisco.com/t5/network-security/asa-8-3-migration-changes-hosts-to-objects/m-p/2063128#M398836 Jennifer Halim 2012-09-27T14:58:51Z