
ASA pre 8.3 code same Src and Dst Natting subnets and hosts

abideen.shaikh1
Level 1

Hi All,

I would like to ask a question regarding an upgrade of ASA code from pre 8.3 to post 8.3 config conversion.

I have many NAT statements which are self-NATting; below is the example. Can they be removed before converting the config to the 8.3+ version, or should they be retained? It doesn't seem like they are doing any real NATting.

static (interface-1,interface-2) 1.1.1.1 1.1.1.1 netmask 255.255.255.255
static (interface-1,interface-2) 2.2.2.2 2.2.2.2 netmask 255.255.255.255

Any help would be appreciated.

5 Replies

show nat detail <<- check whether this NAT has hit traffic or not

abideen.shaikh1
Level 1

translate_hits = 335003, untranslate_hits = 1569127

translate_hits = 351204, untranslate_hits = 1763292

 

Seems like there are translated and untranslated hits.

 

So this NAT is active and in use.

abideen.shaikh1
Level 1

Is it enough to use the syntax below on the 8.3+ version without making any change to the ACL?


object network OBJ-1.1.1.1
host 1.1.1.1
object network OBJ-1.1.1.1
host 1.1.1.1
nat (interface-1,interface-2) source static OBJ-1.1.1.1 OBJ-1.1.1.1

 

object network OBJ-2.2.2.2
host 2.2.2.2
object network OBJ-2.2.2.2
host 2.2.2.2
nat (interface-1,interface-2) source static OBJ-2.2.2.2 OBJ-2.2.2.2

Do you mean adding the static NAT and its effect on the ACL you apply?
If yes, then there is some change between pre and post 8.3:
https://community.cisco.com/t5/network-security/asa-8-3-real-ip-address-in-acl/td-p/1864249
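
An added example (not code from the thread or from Cisco): a small Python script that finds the pre-8.3 `static` statements in a config, counts the self-NAT (identity) ones, and emits them in the 8.3+ manual-NAT form posted above. The sample config is constructed, the subnet statement goes beyond the host case shown in the thread, and only statements with an explicit `netmask` are handled.

```python
import ipaddress
import re

# Pre-8.3 form: static (real_ifc,mapped_ifc) mapped_ip real_ip netmask mask
STATIC_RE = re.compile(
    r"^static \((?P<real_if>[^,\s]+),(?P<mapped_if>[^)\s]+)\)\s+"
    r"(?P<mapped>\d+\.\d+\.\d+\.\d+)\s+(?P<real>\d+\.\d+\.\d+\.\d+)"
    r"\s+netmask\s+(?P<mask>\d+\.\d+\.\d+\.\d+)\s*$"
)

def parse_static(line):
    """Parse one pre-8.3 static line; None if no match, ValueError if bad IP."""
    m = STATIC_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    ipaddress.ip_network(f"{entry['real']}/{entry['mask']}", strict=False)
    entry["identity"] = entry["mapped"] == entry["real"]  # self-NAT
    return entry

def object_lines(name, addr, mask):
    body = f" host {addr}" if mask == "255.255.255.255" else f" subnet {addr} {mask}"
    return [f"object network {name}", body]

def to_post83(entry):
    """Emit 8.3+ lines in the manual-NAT form used in the thread."""
    real = mapped = f"OBJ-{entry['real']}"
    lines = object_lines(real, entry["real"], entry["mask"])
    if not entry["identity"]:
        mapped = f"OBJ-{entry['mapped']}"
        lines += object_lines(mapped, entry["mapped"], entry["mask"])
    ifcs = f"({entry['real_if']},{entry['mapped_if']})"
    return lines + [f"nat {ifcs} source static {real} {mapped}"]

def convert(config_text):
    """Return (identity_count, converted_lines) for all static statements."""
    entries = [e for e in map(parse_static, config_text.splitlines()) if e]
    out = [line for e in entries for line in to_post83(e)]
    return sum(e["identity"] for e in entries), out

# Constructed sample: the two statements from the question plus a subnet case.
SAMPLE = """\
static (interface-1,interface-2) 1.1.1.1 1.1.1.1 netmask 255.255.255.255
static (interface-1,interface-2) 2.2.2.2 2.2.2.2 netmask 255.255.255.255
static (interface-1,interface-2) 10.9.9.0 10.9.9.0 netmask 255.255.255.0
"""

if __name__ == "__main__":
    print(*convert(SAMPLE)[1], sep="\n")
```

The identity count gives the number of statements to check against `show nat detail` hit counters before deciding what to carry over.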

 
