09-03-2010 10:48 PM - edited 03-11-2019 11:34 AM
Hi all,
How can I replace in 8.3 a NAT identity like:
nat (outside) 0 0.0.0.0 0.0.0.0 0 0
nat (inside) 0 0.0.0.0 0.0.0.0 0 0
and also
established tcp 0 4000 permitto tcp 4000 permitfrom tcp 1024-65535
Thanks a lot for any answer
Dan
09-04-2010 03:16 AM
Dan,
All the connection limitations have been moved to one place - MPF. No longer can you set additional settings on nat rules.
For established,
http://www.cisco.com/en/US/docs/security/asa/asa83/command/reference/ef.html#wp2010769
8.3 command reference still gives you that option - if the command is not there or doesn't work properly, well, let me know and we'll see.
For identity NAT, not sure what the point of those would be... nat-control has been deprecated.
But the recommendation goes:
Error Message Identity-NAT was not migrated. If required, an appropriate bypass NAT rule needs to be added.
Explanation Identity NAT not migrated. Identity NAT (the nat 0 command) is not migrated; also a nat-control command on that interface is not migrated.
Recommended Action Manually add a new Identity NAT rule using a static NAT command (either object or twice NAT).
Old Configuration
nat (inside) 0 192.168.1.0 255.255.255.0
http://www.cisco.com/en/US/docs/security/asa/asa83/upgrading/migrating.html
HTH,
Marcin
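The manual replacement that the quoted recommendation asks for, sketched as an added example (not part of the post above or of the Cisco migration guide). The object names and the (inside,outside) interface pair are assumptions; the subnet is the one from the quoted old configuration. The two options are alternatives, so configure only one.

```cisco
! Added example: object names and the interface pair are hypothetical.
! Old (pre-8.3) identity NAT being replaced:
!   nat (inside) 0 192.168.1.0 255.255.255.0

! Option 1: object NAT. The real network is statically mapped to itself.
object network obj-inside-net
 subnet 192.168.1.0 255.255.255.0
 nat (inside,outside) static 192.168.1.0

! Option 2: twice NAT. The same object is used as real and mapped source.
object network obj-inside-net-twice
 subnet 192.168.1.0 255.255.255.0
nat (inside,outside) source static obj-inside-net-twice obj-inside-net-twice
```

After applying either form, `show nat` lists the rule with its hit counters, which confirms that traffic is matching the identity rule rather than another translation.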
09-04-2010 03:17 AM
Are you trying to perform NAT exemption for traffic through the ASA based on the following 2 NAT statements:
nat (outside) 0 0.0.0.0 0.0.0.0 0 0
nat (inside) 0 0.0.0.0 0.0.0.0 0 0
If you are, there is no need to configure any NAT statements if there aren't any other NAT statements already configured.
For the "established" command, it is still the same command in version 8.3:
http://www.cisco.com/en/US/docs/security/asa/asa83/command/reference/ef.html#wp2010769