05-24-2017 09:44 PM - edited 03-12-2019 02:24 AM
Hello,
I have the following config on my old ASA5510 running 7.2. This is part of a site-to-site VPN config.
nat (inside) 0 access-list no_nat
access-list no_nat line 1 extended permit ip 192.168.22.0 255.255.255.0 host 10.125.125.15
access-list no_nat line 1 extended permit ip 192.168.22.0 255.255.255.0 host 10.125.125.16
access-list no_nat line 1 extended permit ip 192.168.22.0 255.255.255.0 host 10.125.125.17
access-list no_nat line 1 extended permit ip 192.168.22.0 255.255.255.0 host 10.125.125.18
We are moving to an ASA 5506 running 9.1 and the above does not work; I get an error message saying the command for the nat 0 statement has been deprecated. Please help me with the correct config for 9.1.
Thanks,
Mitchell
05-24-2017 11:59 PM
Hi,
The nat structure completely changed after 8.3. You can replace this with twice-nat in ASA.
e.g.
nat (in,out) source static 192.168.22.0_object 192.168.22.0_object destination static 10.125.125.0_object 10.125.125.0_object
You need to create the object-groups or objects before the nat statement, and you need to locate the in/out interfaces based on the routing.
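The twice-NAT exemption described in the reply above, written out with the objects it depends on, as an added example that is not part of the original posts. The object names and the `outside` interface name are assumptions; the addresses are the ones in the question's no_nat access list, and the remote side is kept to the same four hosts rather than widened to a whole subnet.

```cisco
! Added example. Names LOCAL_192.168.22.0 and REMOTE_VPN_HOSTS are hypothetical.
! Local subnet that was the source in the old no_nat ACL
object network LOCAL_192.168.22.0
 subnet 192.168.22.0 255.255.255.0
!
! The four remote hosts that were the destinations in the old no_nat ACL
object-group network REMOTE_VPN_HOSTS
 network-object host 10.125.125.15
 network-object host 10.125.125.16
 network-object host 10.125.125.17
 network-object host 10.125.125.18
!
! Identity (no-translation) twice NAT, replacing "nat (inside) 0 access-list no_nat".
! "outside" is assumed to be the interface the VPN peer is reached through.
! no-proxy-arp and route-lookup are the usual options for identity NAT on VPN traffic.
nat (inside,outside) source static LOCAL_192.168.22.0 LOCAL_192.168.22.0 destination static REMOTE_VPN_HOSTS REMOTE_VPN_HOSTS no-proxy-arp route-lookup
!
! Checks after applying (source host 192.168.22.10 and the ports are constructed samples):
!   show nat detail
!   packet-tracer input inside tcp 192.168.22.10 1025 10.125.125.15 443
```

In the `show nat detail` output the rule should appear in Section 1 ahead of any dynamic PAT rule, so that tunnel traffic is matched by the exemption first.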