Is this a correct config

taurusadnan
Level 1

Hello to all members,

I am trying to convert my old ASA IOS config to the new one. Could you guys review it and let me know if the conversion looks correct?

old

access-list MGMTSOFTWARE_access_in extended permit tcp 192.168.3.0 255.255.255.0 host 10.0.9.5 eq 4433
static (MGMTSOFTWARE,DMZ) 10.160.129.97  access-list MGMTSOFTWARE_nat_static

new
object network obj-10.0.9.5
host 10.0.9.5

obj-192.168.3.0
subnet 192.168.3.0 255.255.255.0

object service obj-10.0.9.5-ser
service tcp destination eq 4433


object network obj-10.160.129.97
host 10.160.129.97
nat (MGMTSOFTWARE,DMZ) source static obj-192.168.3.0 obj-10.160.129.97 destination static obj-10.0.9.5 obj-10.0.9.5 serv obj-10.0.9.5-ser obj-10.0.1.51-ser

Thanks a lot for your help

Jouni Forss
VIP Alumni

Hi,

I think you would need the following configuration

object network SOURCE-MAPPED

host 10.160.129.97

object network SOURCE-REAL

  subnet 192.168.3.0 255.255.255.0

object network DESTINATION

host 10.0.9.5

object service TCP-4433

service tcp destination eq 4433

nat (MGMTSOFTWARE,DMZ) source dynamic SOURCE-REAL SOURCE-MAPPED destination static DESTINATION DESTINATION service TCP-4433 TCP-4433

I changed the object names a bit so they don't overlap with the ones I mentioned to you in your other post.

Hope this helps

Again remember to mark a reply as the correct answer if it answered your question.

Ask more if needed

- Jouni

Hi,

nat (MGMTSOFTWARE,DMZ) source dynamic

I read your config above, and I am using static NAT in my config. I am wondering why you use dynamic in your config. Kindly guide me.

thanks

Hi,

I used "dynamic" as you have a complete subnet as a source and a single host address as the NAT IP address.

Though I imagine the ASA will also accept the "static" and it would work.

- Jouni

Actually you have given the wrong ACL in your original post

access-list MGMTSOFTWARE_access_in extended permit tcp 192.168.3.0 255.255.255.0 host 10.0.9.5 eq 4433

and the configuration has

access-list MGMTSOFTWARE_nat_static

- Jouni
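
A pre-change check for converted configs like the ones in this thread, added here as an example and not part of any post: it confirms that every object a twice-NAT `nat` line references is defined in the pasted snippet, and that objects after the service keyword are `object service` definitions. The function names and the handling of the abbreviated `serv` keyword are assumptions of this example; the sample input is the snippet from the opening post.

```python
import re

OBJ_DEF = re.compile(r"^\s*object\s+(network|service)\s+(\S+)\s*$")
NAT_LINE = re.compile(r"^\s*nat\s+\(([^,\s]+),([^)\s]+)\)\s+(.*)$")
KEYWORDS = {"source", "destination", "static", "dynamic", "any", "interface"}

def is_service_kw(tok):
    # Assumption: treat the abbreviated keyword ("serv") from the question as "service".
    return len(tok) >= 4 and "service".startswith(tok)

def lint_twice_nat(config):
    """Return (nat_line_no, object_name, problem) for each bad object reference."""
    lines = config.splitlines()
    # Object name -> "network" or "service", taken from the definition lines.
    defined = {m.group(2): m.group(1) for m in map(OBJ_DEF.match, lines) if m}
    findings = []
    for no, line in enumerate(lines, 1):
        m = NAT_LINE.match(line)
        if not m:
            continue
        expected = "network"  # source/destination slots take network objects
        for tok in m.group(3).split():
            if is_service_kw(tok):
                expected = "service"  # the two slots after it take service objects
            elif tok in KEYWORDS:
                continue
            elif tok not in defined:
                findings.append((no, tok, "undefined"))
            elif defined[tok] != expected:
                findings.append((no, tok, "expected %s object" % expected))
    return findings

# Snippet from the opening post, copied as posted (blank lines dropped).
ASKER = """\
object network obj-10.0.9.5
host 10.0.9.5
obj-192.168.3.0
subnet 192.168.3.0 255.255.255.0
object service obj-10.0.9.5-ser
service tcp destination eq 4433
object network obj-10.160.129.97
host 10.160.129.97
nat (MGMTSOFTWARE,DMZ) source static obj-192.168.3.0 obj-10.160.129.97 destination static obj-10.0.9.5 obj-10.0.9.5 serv obj-10.0.9.5-ser obj-10.0.1.51-ser
"""

if __name__ == "__main__":
    for finding in lint_twice_nat(ASKER):
        print(finding)
```

The check only sees the pasted snippet, so an object reported as undefined may still exist elsewhere in the full running config.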
