
ASA Nat 8.2 to 8.6 migration....

farooq.khan
Level 1

Hi guys,

Need lil guidance or pointing in the right direction. We have upgraded 8.2 to 8.6 and I am having a lil issue in changing the NAT syntax. The firewall with 8.2 has a few exemption rules configured; below is my config on 8.6 for exempting VPN traffic for both sides.

8.6 code

(inside) to (outside) source static 0bj192.168.1.0 obj192.168.1.0   destination static ENVISAGE ENVISAGE

    translate_hits = 0, untranslate_hits = 0

    Source - Origin: 192.168.1.0/16, Translated: 192.168.1.0/16

    Destination - Origin: 10.204.0.0/16, Translated: 10.204.0.0/16

The rule below on 8.6 I have used for exemption if any traffic from inside is destined for the 10.104.0.0 subnet.

(inside) to (any) source static any any   destination static NET-10.104.100.0 NET-10.104.100.0

    translate_hits = 0, untranslate_hits = 0

    Source - Origin: 0.0.0.0/0, Translated: 0.0.0.0/0

    Destination - Origin: 10.104.100.0/26, Translated: 10.104.100.0/26

I am sure the syntax is right, but worth double checking.

Also I can't figure out what the code is for dynamic policy NAT.

The scenario is I have a rule configured: if traffic is coming from inside (subnet specified) and going to a dest (specified subnet, let's say B), use the outside interface public IP.

Source A on inside going to source B: use public IP address. Since source B is multiple subnets, some kind of access rule needs to be defined and then linked with NAT, and I have a dynamic NAT rule configured in 8.2 on the inside interface with source any, destination not specified, and in the translated section the interface is inside and the address is inside too. Not sure how I am gonna achieve the same in 8.6... In 8.2 the inside name pool exists too. Any help? Cheers

1 Accepted Solution

Accepted Solutions