Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
498
Views
0
Helpful
2
Replies

How to use Access list with NAT using 8.4???

Go to solution
wahedikhalid1
Level 1
Level 1

‎01-02-2016 09:56 PM - edited ‎03-12-2019 12:05 AM

Hello!

how do we convert the below command to verison 8.4.

Currently we have the below setup in verison 7.2

version 7.2

!

access-list 170 extended permit ip 172.16.0.0 255.255.0.0 192.168.71.0 255.255.255.0

!

global (cis) 22 interface
nat (inside) 22 access-list 170

Verison 8.4

!

???????

Your help is appricated.

Regards

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Akshay Rastogi
Cisco Employee
Cisco Employee

‎01-03-2016 12:03 AM

Hi,

In post 8.3 versions, these policy nat statements (nat with access-lists) are changed to Manual NATs. Use of access-list in 8.2 version were to define when source goes to specific destination then translate source to this mapped address.  Taking as an example what you have mentioned, you can configured Manual NAT statement like:

object network obj-172.16.0.0

 subnet 172.16.0.0 255.255.0.0

object network obj-192.168.71.0

 subnet 192.168.71.0 255.255.255.0

nat (inside,cis) source dynamic obj-172.16.0.0 interface destination static obj-192.168.71.0 obj-192.168.71.0

This means that when 172 subnet goes to 192 subne then translate 172 to cis interface ip and keep the destination 192 ip as it is.

Above nat statment would yield the same result as the one you mentioned.

To have clear understanding of the conversion and equivalent nat statement in post 8.3 versions, please use the below link :

https://supportforums.cisco.com/document/33921/asa-pre-83-83-nat-configuration-examples

https://supportforums.cisco.com/document/132066/asa-nat-83-nat-operation-and-configuration-format-cli

Hope it helps.

Regards,

Akshay Rastogi

Remember to rate helpful posts.

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Akshay Rastogi
Cisco Employee
Cisco Employee

‎01-03-2016 12:03 AM

Hi,

In post 8.3 versions, these policy nat statements (nat with access-lists) are changed to Manual NATs. Use of access-list in 8.2 version were to define when source goes to specific destination then translate source to this mapped address.  Taking as an example what you have mentioned, you can configured Manual NAT statement like:

object network obj-172.16.0.0

 subnet 172.16.0.0 255.255.0.0

object network obj-192.168.71.0

 subnet 192.168.71.0 255.255.255.0

nat (inside,cis) source dynamic obj-172.16.0.0 interface destination static obj-192.168.71.0 obj-192.168.71.0

This means that when 172 subnet goes to 192 subne then translate 172 to cis interface ip and keep the destination 192 ip as it is.

Above nat statment would yield the same result as the one you mentioned.

To have clear understanding of the conversion and equivalent nat statement in post 8.3 versions, please use the below link :

https://supportforums.cisco.com/document/33921/asa-pre-83-83-nat-configuration-examples

https://supportforums.cisco.com/document/132066/asa-nat-83-nat-operation-and-configuration-format-cli

Hope it helps.

Regards,

Akshay Rastogi

Remember to rate helpful posts.

0 Helpful

Go to solution
wahedikhalid1
Level 1
Level 1
In response to Akshay Rastogi

‎01-03-2016 03:35 AM

Thank you very much for the prompt reply Mr Ashay Rastogi,

your post really helped me , thank you once again ,

appreciate your reply.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card