Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
473
Views
0
Helpful
1
Replies

Cisco ASA NAT conversion from version 7.0 to 9.16

abideen.shaikh
Level 1
Level 1

‎07-20-2022 09:29 AM

Hi All,

I have cisco ASA 5500 ver7.0 with below NAT statements I am migrating to ASA version 9.16 on FPR2110.

Want to know if these statements does need to be converted or they can be dropped seems like they are not doing real NATTing? 

 

However, there are quite few NAT statements which does real natting please suggest the tool or right way to do the NAT conversion from pre 8.2 to post 8.2 versions. 

static (dmz_mgmt,dcn) 10.178.22.64 10.178.22.64 netmask 255.255.255.224
static (tftp_vlan,dcn) 10.178.22.128 10.178.22.128 netmask 255.255.255.224
static (dcn,dmz_mgmt) 10.0.0.0 10.0.0.0 netmask 255.0.0.0
static (dcn,tftp_vlan) 10.176.0.0 10.176.0.0 netmask 255.252.0.0

0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎07-20-2022 10:05 AM

You can use this website to convert your pre-8.2 NAT syntax to modern style NAT rules:

https://www.tunnelsup.com/nat-converter/

Normally we would have let the built-in parser take care of it when upgrading inline on the ASA appliance but your version is so old that's not an option.

The other option is to analyze your network requirements and rewrite the NAT rules manually from scratch. Chances are anything actually running 7.0 in production has been in place 10-15 years and is overdue for a configuration cleanup.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card