08-17-2010 03:05 AM - edited 03-11-2019 11:26 AM
Hello,
Has anyone got v8.3 up and running on a 5500 ASA?
My old nat commands are no longer supported and I'm not certain of the best format for the new ones.
I've studied the migration guide but just want to confirm my thoughts.
My nat commands are below.
Thanks.
S.
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 192.168.1.0 255.255.255.0
static (inside,outside) tcp 111.222.333.444 smtp 192.168.1.1 smtp netmask 255.255.255.255
static (inside,outside) tcp 111.222.333.444 https 192.168.1.1 https netmask 255.255.255.255
static (inside,outside) tcp 111.222.333.444 www 192.168.1.1 www netmask 255.255.255.255
08-17-2010 03:21 AM
Hi,
Your thoughts are correct.
For more information, just have a look at the URL below.
http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/cfgnat.html#wp1043610
Thanks
Samy
11-08-2010 05:31 AM
Hi Stephen,
Here are a couple of quick examples of what the new config will look like:
Pre-8.3:
global (outside) 1 interface
nat (inside) 1 192.168.1.0 255.255.255.0
8.3:
object network obj-192.168.1.0
 subnet 192.168.1.0 255.255.255.0
 nat (inside,outside) dynamic interface
Pre-8.3:
static (inside,outside) tcp 111.222.333.444 smtp 192.168.1.1 smtp netmask 255.255.255.255
8.3:
object network obj-192.168.1.1-smtp
 host 192.168.1.1
 nat (inside,outside) static 111.222.333.444 service tcp smtp smtp
Pre-8.3:
nat (inside) 0 access-list nonat
This will depend on what the nonat access-list looks like. Each line in this ACL will become its own manual NAT statement. For example:
object network obj-192.168.1.0-nonat
 subnet 192.168.1.0 255.255.255.0
object network obj-10.1.1.0
 subnet 10.1.1.0 255.255.255.0
!
nat (inside,outside) source static obj-192.168.1.0 obj-192.168.1.0 destination static obj-10.1.1.0 obj-10.1.1.0
That will have the equivalent NAT 0 functionality when 192.168.1.0/24 talks to 10.1.1.0/24.
Here is another link that will help illustrate the differences between pre-8.3 and 8.3 NAT config:
https://supportforums.cisco.com/docs/DOC-9129
Hope that helps.
-Mike
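Added example (not part of the posts above and not Cisco tooling): a Python script that applies the pre-8.3 to 8.3 mapping from the reply above to every line in the original question. The function name, regexes and object naming are assumptions; it handles only the interface-PAT and static port-forward forms shown in this thread and returns anything else, such as nat 0 with an access-list, for manual conversion.

```python
import re

# Constructed input: the pre-8.3 lines from the question in this thread.
OLD_CONFIG = """\
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 192.168.1.0 255.255.255.0
static (inside,outside) tcp 111.222.333.444 smtp 192.168.1.1 smtp netmask 255.255.255.255
static (inside,outside) tcp 111.222.333.444 https 192.168.1.1 https netmask 255.255.255.255
static (inside,outside) tcp 111.222.333.444 www 192.168.1.1 www netmask 255.255.255.255
"""

GLOBAL_RE = re.compile(r"global \((\S+)\) (\d+) interface$")
NAT_RE = re.compile(r"nat \((\S+)\) (\d+) (\S+) (\S+)$")
STATIC_RE = re.compile(
    r"static \((\S+?),(\S+?)\) (tcp|udp) (\S+) (\S+) (\S+) (\S+) netmask 255\.255\.255\.255$")


def convert(old_config):
    """Return (new_lines, unconverted_lines) for the forms shown in the thread."""
    lines = [l.strip() for l in old_config.splitlines() if l.strip()]
    # NAT id -> mapped interface, taken from "global (...) N interface" lines.
    pools = {m.group(2): m.group(1) for m in map(GLOBAL_RE.match, lines) if m}
    new, manual = [], []
    for line in lines:
        if GLOBAL_RE.match(line):
            continue  # already consumed through `pools`
        m = NAT_RE.match(line)
        if m and m.group(2) != "0" and m.group(2) in pools:
            real_if, nat_id, net, mask = m.groups()
            new += [f"object network obj-{net}",
                    f" subnet {net} {mask}",
                    f" nat ({real_if},{pools[nat_id]}) dynamic interface"]
            continue
        m = STATIC_RE.match(line)
        if m:
            real_if, mapped_if, proto, mapped_ip, mapped_port, real_ip, real_port = m.groups()
            new += [f"object network obj-{real_ip}-{real_port}",
                    f" host {real_ip}",
                    f" nat ({real_if},{mapped_if}) static {mapped_ip} "
                    f"service {proto} {real_port} {mapped_port}"]
            continue
        manual.append(line)  # e.g. nat 0 with an access-list: depends on the ACL
    return new, manual

if __name__ == "__main__":
    converted, manual = convert(OLD_CONFIG)
    print("\n".join(converted + ["! convert by hand: " + l for l in manual]))
```

On 8.3 and later, interface access-lists match the real address (192.168.1.1 here) rather than the mapped one, so review the ACLs alongside the converted NAT lines.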