cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


238
Views
5
Helpful
2
Replies
Highlighted
Beginner

PIX to ASA 5506 NAT

Hi all,

I am in the process of converting an old PIX firewall that sits inside a DMZ and allows a tunnel to another Router and on to the internal network.  The current Pix config is below and the ultimate destination is 192.168.nn.2 from a specific external connecting router 152.91.nn.nn.  As you would know, the old NAT commands no longer work.  Could someone point me in the right direction to convert it to suit the ASA5506.

Thanks

Damien

 

access-list acl_outside permit tcp host 152.91.nn.nn host 192.168.nnn.2 eq lotusnotes
access-list acl_outside permit tcp host 152.91.nn.nn host 192.168.nnn.2 eq lotusnotes

 

global (outside) 1 interface
nat (inside) 1 172.16.nnn.0 255.255.255.0 0 0
nat (inside) 1 192.168.nnn.0 255.255.255.0 0 0
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) 192.168.nn.2 192.168.nnn.2 netmask 255.255.255.255 0 0
access-group acl_outside in interface outside
access-group acl_inside in interface inside

Everyone's tags (4)
2 REPLIES 2
Enthusiast

Re: PIX to ASA 5506 NAT

VIP Advisor

Re: PIX to ASA 5506 NAT

ACLs will be same.

For nat something like this will do

object network obj-192.168.n.2
host 192.168.n.2
nat (inside,outside) static obj-192.168.n.2 obj-192.168.n.2
!
object network any
network 0.0.0.0 0.0.0.0
nat (inside,outside) dynamic interface