Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
656
Views
0
Helpful
4
Replies

8.4 migration

sivakumar shankar
Level 1
Level 1

‎08-06-2012 07:38 AM - edited ‎03-11-2019 04:38 PM

Hi.

We are planning on the move to ASA 8.4 version from 8.2, I see there are some changes in the Static and PAT commands in new version.

There are huge sum of lines for static NAT entries in the current ASA 8.2, if these will get translated by itself to the new configuration when upgrading to 8.4, or manually we need to configure them line by line. Pls help me on this.

Thanks in advance

Shiva

Labels:
0 Helpful
4 Replies 4

Karsten Iwen
VIP
VIP

‎08-06-2012 07:42 AM

The config gets translated to the new syntax. But don't expect a prefect result. I had different results when upgrading ASAs. Simple configs mostly worked fine, some more complex configs broke totally and some were just badly migrated.

So my advice is to do it by manually. That's also a good opinion to optimise the config.

0 Helpful

sivakumar shankar
Level 1
Level 1
In response to Karsten Iwen

‎08-06-2012 07:51 AM

Thanks Karsten.

0 Helpful

sivakumar shankar
Level 1
Level 1
In response to sivakumar shankar

‎08-06-2012 10:22 PM

Hi, is this correct?

Local server IP: 10.1.1.1 port 7004

Natted IP: 33.33.33.33 port 5004

8.2 config:

static (inside,outside) tcp 33.33.33.33 5004 10.1.1.1 7004 netmask 255.255.255.255

access-list outside_in extended permit tcp any host 33.33.33.33 5004

8.4 config:

object network   obj-10.1.1.1_7004
host 10.1.1.1

nat (inside,outside) static 33.33.33.33 service tcp 7004 5004

access-list outside_in extended permit tcp any host 10.1.1.1 7004

0 Helpful

Karsten Iwen
VIP
VIP
In response to sivakumar shankar

‎08-06-2012 11:47 PM

Yes, thats correct. But keep in mind that the NAT-rules are now processed top-down. The more specific rules have to be on the top.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card