NAT from version 7.2 to 8.6 with ACLs

tgut
Level 1

Hello everybody,

I am so confused about the new changes to the command lines from ASA ver 7.2 to 8.6.

In some cases I've found some tools to translate NAT, for example:

global (outside) 1 interface

nat (inside) 0 access-list NONAT

nat (inside) 1 0.0.0.0 0.0.0.0

where the new command line is:

object network obj-any_inside-outside

subnet 0.0.0.0 0.0.0.0

nat (inside,outside) dynamic interface

I think that is OK, but it does not show how to apply the ACL:

access-list NONAT extended permit ip interface outside 172.16.xxx.xxx 255.255.255.224

access-list NONAT extended permit ip 172.16.xxx.xxx 255.255.255.0 10.166.xxx.xxx 255.255.255.0

access-list NONAT extended permit ip object-group OG-MY_INTERNAL_NETWORK 10.161.xxx.0 255.255.252.0

In other lines, this is the old config:

static (inside,outside) 10.75.5.75  access-list MY-ACL

access-list MY-ACL extended permit ip host 10.161.xxx.xxx host 172.20.xxx.xxx

I have read some links, but I really cannot work out how to accommodate these lines to the new version.

Can you help me?

I appreciate any help to resolve this change in the configuration on the new version.

Thanks in advance

Rolando Gutierrez


Julio Carvajal
VIP Alumni

Hi Rolando,

access-list NONAT extended permit ip 172.16.xxx.xxx 255.255.255.0 10.166.xxx.xxx 255.255.255.0

nat (inside) 0 access-list NONAT

object network 172.16.X.X

subnet 172.16.x.x

object network 166.x.x.x

subnet 166.x.x.x

nat (inside,outside) source static 172.16.X.X 172.16.X.X destination static 166.x.x.x 166.x.x.x

static (inside,outside) 10.75.5.75  access-list MY-ACL

access-list MY-ACL extended permit ip host 10.161.xxx.xxx host 172.20.xxx.xxx

object network A

host 10.75.5.75

object network B

host 10.161.x.x

object network C

host 172.20.x.x

nat (inside,outside) source static B A destination static C C

Regards,

Julio

Remember to rate all of the helpful posts

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
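
The NAT-exemption half of this migration (`nat (inside) 0 access-list NONAT`) generalized to every entry of the ACL, as an added Python sketch that is not part of either post and is not a Cisco tool. The sample addresses are constructed (the thread masks the real ones), the `obj-` object naming is a hypothetical scheme, and entries such as `interface outside` are flagged for manual handling rather than guessed at.

```python
import re
ACL_RE = re.compile(r"^access-list\s+(\S+)\s+extended\s+permit\s+ip\s+(.+)$")

# Constructed sample: same shape as the NONAT ACL in the thread, made-up addresses.
SAMPLE = """\
nat (inside) 0 access-list NONAT
access-list NONAT extended permit ip interface outside 172.16.20.0 255.255.255.224
access-list NONAT extended permit ip 172.16.1.0 255.255.255.0 10.166.1.0 255.255.255.0
access-list NONAT extended permit ip object-group OG-MY_INTERNAL_NETWORK 10.161.0.0 255.255.252.0
"""

def take_endpoint(tokens):
    """Consume one ACL address spec from tokens and return (kind, value)."""
    head = tokens.pop(0)
    if head in ("host", "object-group"):
        return head, tokens.pop(0)
    if head in ("any", "interface"):
        raise ValueError(f"'{head}' endpoint needs a manual decision")
    return "subnet", f"{head} {tokens.pop(0)}"  # address followed by mask

def convert_exemption(old_config, acl_name, real_if="inside", mapped_if="outside"):
    """Map each entry of a 'nat 0' ACL to an 8.3+ identity twice-NAT rule."""
    objects, nat_lines, manual = {}, [], []
    def ref(kind, value):
        if kind == "object-group":
            return value  # existing network object-group is referenced as-is
        name = "obj-" + value.replace(" ", "_")  # hypothetical naming scheme
        objects[name] = f"{kind} {value}"
        return name

    for line in (l.strip() for l in old_config.splitlines()):
        m = ACL_RE.match(line)
        if not m or m.group(1) != acl_name:
            continue
        tokens = m.group(2).split()
        try:
            src_ep, dst_ep = take_endpoint(tokens), take_endpoint(tokens)
        except (ValueError, IndexError) as exc:
            manual.append(f"{line}  ! not converted: {exc}")
            continue
        src, dst = ref(*src_ep), ref(*dst_ep)
        nat_lines.append(f"nat ({real_if},{mapped_if}) source static {src} {src} "
                         f"destination static {dst} {dst}")
    defs = [l for n, b in objects.items() for l in (f"object network {n}", f" {b}")]
    return defs + nat_lines, manual

if __name__ == "__main__":
    converted, skipped = convert_exemption(SAMPLE, "NONAT")
    print("\n".join(converted + skipped))
```

On 8.3 and later, manual (twice) NAT rules like these are evaluated before object (auto) NAT, so the identity rules take precedence over the `dynamic interface` PAT object. The policy `static ... access-list MY-ACL` line is a separate case and is not handled by this sketch.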

Thanks for your answer!

I really appreciate it!

Regards,

RG
