Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
695
Views
0
Helpful
1
Replies

ASA 5510 post and pre 8.3 NATting and ACLs

Adam Hudson
Level 1
Level 1

‎08-31-2012 06:47 AM - edited ‎03-11-2019 04:48 PM

In the near future I plan on updating all of my firewalls to 8.4, currently we're on a mix of 8.0 and 8.2. I've heard that if your equipment is on 8.2 there's an auto-conversion feature when upgrading to 8.3. However, I do not want to rely on that and am trying my hand at re-writing the NAT and ACLs myself. Attached is my pre 8.3 ASA 5510 config (santized) and a document that shows the particular sections pre 8.3 and what I think they should be after the upgrade.

Can someone take a look and let me know if these look right?

Labels:
134236-SiteA-831-Sanitize.txt.zip
134235-SiteA_831_8dot3changes.txt.zip
0 Helpful
1 Reply 1

Karsten Iwen
VIP
VIP

‎08-31-2012 07:08 AM

I didn't go through your complete config to check it but some hints:

1) for your NAT-Excemption, you can use object-groups. With that you only need one line per interface-combination.

2) There is no nat-control anymore. If there is no nat-command between a particular set of interfaces the packets are just routed between the interfaces.

3) Keep in mind that the new rules are processed top down. By default your global nat-statements come first, then the object-nat.

With that, your config could be more optimized.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card