03-07-2012 09:01 AM - edited 03-11-2019 03:39 PM
I am migrating an ASA 5520 from 8.2 to 8.3 and after the migration the ACLs are blocking access to the DMZ. It looks like the NAT functions were migrated properly by the migration tool, but now when I try to access devices in the DMZ the ACL is denying the traffic because my ACLs in 8.2 had the NATted IP, not the real IP, in the ACL. Now it looks like 8.3 is looking for the real IP and not the NATted IP.
Here is an example:
Inside network: 172.24.0.0/24
DMZ server real IP: 1.1.1.1
DMZ server NAT IP 2.2.2.2
So, in 8.2 I would have an ACL on the inside interface that said permit 172.24.0.0/24 to 2.2.2.2 eq 80, 443.
This ACL doesn't work in my 8.3 config because it wants:
permit 172.24.0.0/24 to 1.1.1.1 eq 80, 443.
Is this correct for 8.3 or are my NAT rules all messed up after the migration?
Thanks
03-07-2012 09:35 AM
Hello Dylan,
That is 100% correct. You are right.
Please read this, it will help you!
Do rate all the helpful posts
Julio
03-07-2012 12:01 PM
Hello Dylan,
Below is the link to the release notes for 8.3. You will get most of the answers there, and your thoughts are perfect.
http://www.cisco.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html
Thanks
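The behaviour Dylan describes and Julio confirms, written out as an added configuration example (this is not config from the original thread; the interface names, ACL name, network-object name and the client address used in packet-tracer are assumptions). In 8.2 the inbound ACL on the inside interface matches the mapped (NATted) address of the DMZ server; from 8.3 onward, interface ACLs are evaluated after the un-NAT step and therefore match the real address. The NAT statement itself changes from the interface-pair `static` form to an `object network` with a `nat` line.

```cisco
!--- ASA 8.2: static NAT plus an inside ACL written against the MAPPED address
!--- (addresses and names from the thread; interface/ACL names are assumed)
static (dmz,inside) 2.2.2.2 1.1.1.1 netmask 255.255.255.255
access-list inside_access_in extended permit tcp 172.24.0.0 255.255.255.0 host 2.2.2.2 eq 80
access-list inside_access_in extended permit tcp 172.24.0.0 255.255.255.0 host 2.2.2.2 eq 443
access-group inside_access_in in interface inside

!--- ASA 8.3: the migration tool converts the static into object NAT (object name is assumed)
object network dmz-web-server
 host 1.1.1.1
 nat (dmz,inside) static 2.2.2.2
!--- the ACL must now reference the REAL address; 2.2.2.2 in the ACL no longer matches
access-list inside_access_in extended permit tcp 172.24.0.0 255.255.255.0 host 1.1.1.1 eq 80
access-list inside_access_in extended permit tcp 172.24.0.0 255.255.255.0 host 1.1.1.1 eq 443
access-group inside_access_in in interface inside

!--- Check after the migration: the inside client still connects to 2.2.2.2, so trace with that
!--- destination (172.24.0.10 and the source port are assumed). On 8.3 the output shows an UN-NAT
!--- phase before the ACCESS-LIST phase, and the ACL lookup is done on 1.1.1.1.
packet-tracer input inside tcp 172.24.0.10 12345 2.2.2.2 80
```

If packet-tracer stops at the ACCESS-LIST phase with an implicit deny while the NAT phase shows the correct translation, the NAT migration is fine and only the ACL needs to be rewritten to the real address, which is exactly the situation in the question.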