08-06-2012 07:38 AM - edited 03-11-2019 04:38 PM
Hi.
We are planning on the move to ASA 8.4 version from 8.2, I see there are some changes in the Static and PAT commands in new version.
There are huge sum of lines for static NAT entries in the current ASA 8.2, if these will get translated by itself to the new configuration when upgrading to 8.4, or manually we need to configure them line by line. Pls help me on this.
Thanks in advance
Shiva
08-06-2012 07:42 AM
The config gets translated to the new syntax. But don't expect a prefect result. I had different results when upgrading ASAs. Simple configs mostly worked fine, some more complex configs broke totally and some were just badly migrated.
So my advice is to do it by manually. That's also a good opinion to optimise the config.
08-06-2012 07:51 AM
Thanks Karsten.
08-06-2012 10:22 PM
Hi, is this correct?
Local server IP: 10.1.1.1 port 7004
Natted IP: 33.33.33.33 port 5004
8.2 config:
static (inside,outside) tcp 33.33.33.33 5004 10.1.1.1 7004 netmask 255.255.255.255
access-list outside_in extended permit tcp any host 33.33.33.33 5004
8.4 config:
object network obj-10.1.1.1_7004 |
host 10.1.1.1 |
nat (inside,outside) static 33.33.33.33 service tcp 7004 5004 access-list outside_in extended permit tcp any host 10.1.1.1 7004 |
08-06-2012 11:47 PM
Yes, thats correct. But keep in mind that the NAT-rules are now processed top-down. The more specific rules have to be on the top.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide