I am migrating an ASA 5520 from 8.2 to 8.3 and after the migration the ACLs are blocking access to the DMZ. It looks like the NAT functions were migrated properly by the migration tool, but now when I try to access devices in the DMZ the ACL is denying the traffic because my ACLs in 8.2 had the NATted IP, not the real IP, in the ACL. Now it looks like 8.3 is looking for the real IP and not the NATted IP.
Here is an example:
Inside network: 172.24.0.0/24
DMZ server real IP: 220.127.116.11
DMZ server NAT IP: 18.104.22.168
So, in 8.2 I would have an ACL on the inside interface that said permit 172.24.0.0/24 to 22.214.171.124 eq 80, 443.
This ACL doesn't work in my 8.3 config because it wants:
permit 172.24.0.0/24 to 126.96.36.199 eq 80, 443.
Is this correct for 8.3 or are my NAT rules all messed up after the migration?
That is 100% correct. You are right.
Please read this, it will help you!
Do rate all the helpful posts.
Below is the link for the release notes for 8.3. You will get most of the answers here, and your thoughts are perfect.
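
Added example, not part of the thread: a small Python helper that reads 8.2-style one-to-one `static` lines, builds a mapped-to-real address table, and shows which `access-list` entries still reference a mapped address and what they become with the real address, as 8.3 expects. The sample config is constructed (documentation address ranges, hypothetical ACL name `inside_in`); it assumes host statics and `host` operands only, and its output is meant for manual review before anything is applied to a firewall.

```python
import re

# Constructed 8.2-style sample; addresses are documentation ranges, not the poster's.
SAMPLE_82 = """\
static (dmz,inside) 192.0.2.10 198.51.100.10 netmask 255.255.255.255
static (dmz,inside) 192.0.2.11 198.51.100.11 netmask 255.255.255.255
access-list inside_in extended permit tcp 172.24.0.0 255.255.255.0 host 192.0.2.10 eq www
access-list inside_in extended permit tcp 172.24.0.0 255.255.255.0 host 192.0.2.10 eq https
access-list inside_in extended permit tcp 172.24.0.0 255.255.255.0 host 203.0.113.5 eq https
"""

# 8.2 syntax: static (real_ifc,mapped_ifc) <mapped_ip> <real_ip> netmask <mask>
STATIC_RE = re.compile(
    r"^static \(\S+,\S+\) (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) netmask 255\.255\.255\.255\s*$")
HOST_RE = re.compile(r"\bhost (\d+\.\d+\.\d+\.\d+)")

def mapped_to_real(config):
    """Build {mapped_ip: real_ip} from one-to-one host static NAT lines."""
    table = {}
    for line in config.splitlines():
        m = STATIC_RE.match(line.strip())
        if m:
            table[m.group(1)] = m.group(2)
    return table

def rewrite_acls(config):
    """Return (acl_lines, changed): ACL lines with mapped hosts swapped for real ones."""
    table = mapped_to_real(config)
    out, changed = [], []
    for line in config.splitlines():
        if not line.startswith("access-list "):
            continue
        # Addresses with no static entry are left untouched.
        new = HOST_RE.sub(lambda m: "host " + table.get(m.group(1), m.group(1)), line)
        out.append(new)
        if new != line:
            changed.append((line, new))
    return out, changed

if __name__ == "__main__":
    _, changed = rewrite_acls(SAMPLE_82)
    for old, new in changed:
        print("- " + old)
        print("+ " + new)
```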