rgutierrez15
Beginner

ASA 8.x to 9.2 convert NAT with ports tcp udp

Hello Everyone,

I have a doubt about a NAT rule from an old ASA that I need to move to a new one.

There is a NAT rule that I really don't understand (I am a beginner in security):

global (outside) 110 Mail_Server netmask 255.255.255.224
nat (dmz) 110 dmz.srv.Mail 255.255.255.255 tcp 500 100 udp 50

What I can barely understand is that traffic coming from the DMZ is translated to the IP range on the outside using the ports TCP 500, 100 and UDP 50, right?

Am I understanding it correctly?

And then, how can I translate it to version 9.2?

I really, really will appreciate your help!

Thanks in advance!

1 Reply
Francesco Molino
VIP Mentor

Hi,

The values associated with tcp and udp are the maximum connections for the local host, together with the embryonic connections.
You can manage this in a policy-map. This isn't in the nat configuration anymore.

The config you posted will be translated into the following commands:

object network Mail_Server
subnet x.x.x.x 255.255.255.224
!
object network dmz.srv.Mail
host x.x.x.x
nat (dmz,outside) after-auto source dynamic dmz.srv.Mail Mail_Server

However, I believe your internal mail server is natted to one public IP, and the nat command should be the following instead of the previous one:

object network Mail_Server
host x.x.x.x
!
object network dmz.srv.Mail
host x.x.x.x
nat (dmz,outside) static Mail_Server

In this case the NAT is done under the object dmz.srv.Mail.

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question.
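The reply says the tcp/udp counters on the old nat line now belong in a policy-map but does not show that part. The configuration below is an added example, not the reply's or Cisco's own text: it keeps the object NAT from the reply and adds the Modular Policy Framework pieces that carry the same limits (500 TCP connections, 100 embryonic TCP connections, 50 UDP connections) on ASA 8.3 and later. The ACL and class-map names are assumptions, the x.x.x.x addresses are the placeholders from the page, and global_policy is the default policy-map that already exists on the ASA.

```cisco
! Objects and object NAT as given in the reply (addresses are placeholders)
object network Mail_Server
 host x.x.x.x
!
object network dmz.srv.Mail
 host x.x.x.x
 nat (dmz,outside) static Mail_Server
!
! The old line
!   nat (dmz) 110 dmz.srv.Mail 255.255.255.255 tcp 500 100 udp 50
! meant: max 500 TCP connections, max 100 embryonic (half-open) TCP
! connections, max 50 UDP connections for that host. In 8.3+ these are
! set with "set connection" on a class in the policy-map.
!
! ACLs select the server's traffic; names are assumptions.
! Since 8.3 ACLs reference the real (untranslated) address.
access-list MAIL_SRV_TCP extended permit tcp object dmz.srv.Mail any
access-list MAIL_SRV_UDP extended permit udp object dmz.srv.Mail any
!
! conn-max counts TCP and UDP together and embryonic-conn-max is TCP only,
! so two classes are needed to keep the old separate TCP and UDP limits.
class-map MAIL_SRV_TCP_CLASS
 match access-list MAIL_SRV_TCP
!
class-map MAIL_SRV_UDP_CLASS
 match access-list MAIL_SRV_UDP
!
! global_policy is the default policy-map; these classes are added to it.
policy-map global_policy
 class MAIL_SRV_TCP_CLASS
  set connection conn-max 500 embryonic-conn-max 100
 class MAIL_SRV_UDP_CLASS
  set connection conn-max 50
!
! Already present by default on an ASA; shown for completeness.
service-policy global_policy global
```

The old nat-line limits applied per local host; because dmz.srv.Mail is a single host, a class matching only that host gives the same effect. If the same conversion is done for an object covering several hosts, use per-client-max and per-client-embryonic-max instead of conn-max and embryonic-conn-max so the limit stays per host rather than per class. Verify the result with "show service-policy" and "show conn" on the new unit.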