06-24-2019 03:31 AM - edited 02-21-2020 09:14 AM
Hi Guys,
Good day!
I am planning to upgrade my firewall from an old model running version 8.2.x to a new model running version 9.8.x. I am done converting the configuration of my 8.2.x by upgrading my lab ASA to 9.8.x.
I am aware that there is a huge difference in the NAT configuration between 8.2 and 9.x, but I would like to confirm something with you. I noticed that in my 8.2 I configured the "nat-control" command, and when I upgraded my lab ASA to 9.x with the same configuration, that command was not there anymore; instead, every NAT statement in my 9.x has the "route-lookup" keyword.
Is that normal? Is that the conversion of "nat-control" to 9.x? What does it mean?
Thanks
06-24-2019 05:15 AM
There is no concept of nat-control from 8.3 onward, so no need to worry about it. Explained here:
Route-lookup is recommended to be configured for identity rules, so that the ASA makes the destination interface lookup based on the routing table rather than just the NAT rules. This is especially useful when you have rules that have "any" as source or destination interface. No relation to nat-control.
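As an added example (not part of the reply above, and not a Cisco tool), this Python check scans a migrated 9.x configuration for manual identity NAT rules that lack `route-lookup`, and marks the ones that use `any` as an interface. It assumes single-line manual NAT statements of the form `nat (real_if,mapped_if) source static ...`; the object names and sample configuration are constructed.

```python
import re

# Manual (twice) NAT line, e.g.:
#   nat (inside,any) source static LAN LAN destination static VPN VPN no-proxy-arp route-lookup
NAT_RE = re.compile(
    r"^nat \((?P<real_if>[^,\s]+),(?P<mapped_if>[^)\s]+)\)\s+"
    r"(?:after-auto\s+)?(?:\d+\s+)?"          # optional section and line number
    r"source static (?P<real>\S+) (?P<mapped>\S+)(?P<rest>.*)$"
)

def audit_identity_nat(config_text):
    """Return identity NAT rules that lack the route-lookup keyword."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        m = NAT_RE.match(raw.strip())
        if not m or m["real"] != m["mapped"]:
            continue  # not manual static NAT, or the rule really translates
        # Drop free text after "description" so it cannot be read as a keyword.
        options = m["rest"].split(" description ")[0].split()
        if "route-lookup" in options:
            continue
        findings.append({
            "line": lineno,
            "interfaces": (m["real_if"], m["mapped_if"]),
            # With "any", the NAT rule alone does not pin the egress interface.
            "any_interface": "any" in (m["real_if"], m["mapped_if"]),
        })
    return findings

# Constructed sample configuration (object names are made up).
SAMPLE = """\
nat (inside,any) source static LAN LAN destination static VPN VPN no-proxy-arp
nat (inside,outside) source static LAN LAN destination static DMZ DMZ no-proxy-arp route-lookup
nat (inside,outside) source dynamic LAN interface
nat (dmz,outside) source static WEB WEB-PUBLIC
nat (any,outside) after-auto source static MGMT MGMT description no route-lookup yet
nat (inside,outside) source static SRV SRV
"""

if __name__ == "__main__":
    for f in audit_identity_nat(SAMPLE):
        note = "uses 'any' interface" if f["any_interface"] else "fixed interfaces"
        print(f"line {f['line']}: identity NAT without route-lookup ({note})")
```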
06-24-2019 12:50 PM
I suggest having a look at the information below:
https://community.cisco.com/t5/firewalls/asa-8-0-to-9-x-directly/td-p/2260344