06-13-2013 09:18 AM - edited 03-11-2019 06:57 PM
Hello to all members,
I am trying to convert my old ASA IOS config to the new one. Could you guys review it and let me know whether the conversion looks correct?
old
access-list MGMTSOFTWARE_access_in extended permit tcp 192.168.3.0 255.255.255.0 host 10.0.9.5 eq 4433
static (MGMTSOFTWARE,DMZ) 10.160.129.97 access-list MGMTSOFTWARE_nat_static
new
object network obj-10.0.9.5
host 10.0.9.5
obj-192.168.3.0
subnet 192.168.3.0 255.255.255.0
object service obj-10.0.9.5-ser
service tcp destination eq 4433
object network obj-10.160.129.97
host 10.160.129.97
nat (MGMTSOFTWARE,DMZ) source static obj-192.168.3.0 obj-10.160.129.97 destination static obj-10.0.9.5 obj-10.0.9.5 serv obj-10.0.9.5-ser obj-10.0.1.51-ser
Thanks a lot for your help
06-13-2013 09:27 AM
Hi,
I think you would need the following configuration
object network SOURCE-MAPPED
host 10.160.129.97
object network SOURCE-REAL
subnet 192.168.3.0 255.255.255.0
object network DESTINATION
host 10.0.9.5
object service TCP-4433
service tcp destination eq 4433
nat (MGMTSOFTWARE,DMZ) source dynamic SOURCE-REAL SOURCE-MAPPED destination static DESTINATION DESTINATION service TCP-4433 TCP-4433
I changed the object names a bit so they don't overlap with the ones I mentioned to you in your other post.
Hope this helps
Again remember to mark a reply as the correct answer if it answered your question.
Ask more if needed
- Jouni
06-13-2013 09:32 AM
Hi,
nat (MGMTSOFTWARE,DMZ) source dynamic
I read your config above and I am using static NAT in my config. I am wondering why you use dynamic in your config. Kindly guide me.
Thanks
06-13-2013 09:34 AM
Hi,
I used "dynamic" as you have a complete subnet as a source and a single host address as the NAT IP address.
Though I imagine the ASA will also accept the "static" and it would work.
- Jouni
06-13-2013 09:35 AM
Actually you have given the wrong ACL in your original post
access-list MGMTSOFTWARE_access_in extended permit tcp 192.168.3.0 255.255.255.0 host 10.0.9.5 eq 4433
and the configuration has
access-list MGMTSOFTWARE_nat_static
- Jouni
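An added example, not part of the thread: a small Python check that lists the object names a "nat" statement references but that no "object network" or "object service" line defines, run here on the converted lines from the question (embedded as a sample). The function names, and treating "serv" as an abbreviation of the "service" keyword, are assumptions of this example.

```python
import re

# Constructed sample: the converted 8.3+ lines exactly as posted in the question.
SAMPLE = """\
object network obj-10.0.9.5
host 10.0.9.5
obj-192.168.3.0
subnet 192.168.3.0 255.255.255.0
object service obj-10.0.9.5-ser
service tcp destination eq 4433
object network obj-10.160.129.97
host 10.160.129.97
nat (MGMTSOFTWARE,DMZ) source static obj-192.168.3.0 obj-10.160.129.97 destination static obj-10.0.9.5 obj-10.0.9.5 serv obj-10.0.9.5-ser obj-10.0.1.51-ser
"""

BUILTIN = {"any", "interface"}  # keywords that may stand in for an object name

def defined_objects(config):
    """Map object name -> kind ('network' or 'service') from 'object ...' lines."""
    found = {}
    for line in config.splitlines():
        m = re.match(r"\s*object\s+(network|service)\s+(\S+)", line)
        if m:
            found[m.group(2)] = m.group(1)
    return found

def nat_references(line):
    """Return [(name, expected_kind)] for one twice-NAT statement."""
    tokens, refs, i = line.split(), [], 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in ("source", "destination") and i + 3 < len(tokens):
            # tokens[i + 1] is 'static' or 'dynamic'; the next two are objects
            refs += [(tokens[i + 2], "network"), (tokens[i + 3], "network")]
            i += 4
        # Assumption: an abbreviated keyword such as 'serv' means 'service'
        elif len(tok) >= 4 and "service".startswith(tok) and i + 2 < len(tokens):
            refs += [(tokens[i + 1], "service"), (tokens[i + 2], "service")]
            i += 3
        else:
            i += 1
    return refs

def undefined_nat_objects(config):
    """List (name, kind) pairs used in nat lines without a matching definition."""
    objs = defined_objects(config)
    return [(name, kind) for line in config.splitlines()
            if line.lstrip().startswith("nat ")
            for name, kind in nat_references(line)
            if name not in BUILTIN and objs.get(name) != kind]
```

On the sample this reports obj-192.168.3.0 (its line lacks the "object network" prefix) and obj-10.0.1.51-ser (never defined).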