I have 8.2 configuration that works:
global (inside) 1 192.168.1.1
nat (outside) 1 access-list Servers outside
static (inside,outside) 10.16.0.0 10.1.0.0 netmask 255.255.0.0
static (inside,outside) 10.17.0.0 10.2.0.0 netmask 255.255.0.0
static (inside,outside) 10.18.0.0 10.11.0.0 netmask 255.255.0.0
static (inside,outside) 10.19.0.0 10.12.0.0 netmask 255.255.0.0
static (outside,inside) 192.168.1.1 126.96.36.199 netmask 255.255.255.255
ACL Servers has only two hosts:
It is remote monitoring ASA, so I need to nat user networks (10.1.x.y, 10.2.x.y) to something that I can use (10.16.x.y, 10.17.x.y...)
Also, since it my device, I have them configure snmp and syslog server on client's network to use 192.168.1.1, so I have dynamic NAT for two SNMP servers and static NAT for one of them (which is syslog server).
Can someone please create 8.4 version, so I can apply it? I tried few things, packet tracer shows that they are NATed, but I have only Denc packets, because hosts see request coming from my public IP...
Can you try the conversion with the help of the following document:
Hope this helps.
P.S.:please mark this thread as answered if you feel your query is resolved. Do rate helpful posts.
honestly, doesn't help much. I configured lot of 8.3 and 8.4 NAT, so I am very familiar with documents and procedures, here is very specific example, we are using twice NAT, so it could be that order of operations are changed, or something similar.
I need very precise info.
can you give us more clarity on the issue, r you looking for the commands or you already have the commands and they r not working? if so please paste the nat rules you have with the requirement so that we can see wht is going on
as far as what has changed, other than the syntax the main diff is that we check the nat first then acl hence the need to allow real ip in acl for static nat
If you are looking for corresponding nat commands to the ones that you have pasted, they are as follows:
object network 10.16.0.0_network
subnet 10.16.0.0 255.255.0.0
object network 10.1.0.0_network
subnet 10.1.0.0 255.255.0.0
object network 10.17.0.0_network
subnet 10.17.0.0 255.255.0.0
object network 10.2.0.0_network
subnet 10.2.0.0 255.255.0.0
object network 10.18.0.0_network
subnet 10.18.0.0 255.255.0.0
object network 10.19.0.0_network
subnet 10.19.0.0 255.255.0.0
object network 10.11.0.0_network
subnet 10.11.0.0 255.255.0.0
object network 10.12.0.0_network
subnet 10.12.0.0 255.255.0.0
So the corresponsing nat commands for static would be:
nat (outside,inside) source static any any destination static 10.16.0.0_network 10.1.0.0_network
nat (outside,inside) source static any any destination static 10.17.0.0_network 10.2.0.0_network
nat (outside,inside) source static any any destination static 10.18.0.0_network 10.11.0.0_network
nat (outside,inside) source static any any destination static 10.19.0.0_network 10.12.0.0_network
And for the last static command:
object network private_ip
object network public_ip
nat (inside,outside) source static any any destination static private_ip public_ip
The first two nat commands doesn't seem right to me, could you verify whether this is wat you had earlier????
Hi..I am also in phase of migrating software from 8.2 to 8.4. I am facing issues while changing below config in 8.4. Could anyone pls helpout.
access-list www_http extended permit tcp host 192.168.183.202 any eq www
access-list www_http extended permit tcp host 192.168.183.202 any eq https
access-list www_http extended permit tcp host 192.168.183.196 any eq www
access-list www_http extended permit tcp host 192.168.183.196 any eq https
nat (inside) 3 access-list www_http
global (outside) 3 188.8.131.52 netmask 255.255.255.255