cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

415
Views
0
Helpful
1
Replies
Highlighted
Beginner

Migrate ASA 5510 8.3(2) to ASA 5515 9.1 NAT AND ACL CONFIGURATIONS

Hello I want to migrate an ASA 5510 8.3(2) to an ASA 5515 9.1. I want to know if there are some changes in NAT syntax, for example I have a static nat define in the old asa like this:

nat (inside,outside) source static object network object network destination static object network object network

I want to know before I start the migration if there is some changes in the syntax.

Also I have an ACL define in the old ASA this way:

access-list name extended permit ip host x.x.x.x host x.x.x.x

Thanks for your advice beforehand

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Hall of Fame Guru

Yes the NAT syntax has all changed. There are dozens of articles on this. I recommend in particular Jouni Forss' writeup here:

https://supportforums.cisco.com/document/132066/asa-nat-83-nat-operation-and-configuration-format-cli

There is also a very good article at tunnelsup.com:

https://www.tunnelsup.com/nat-for-cisco-asas-version-8-3/

Also see the conversion tool that is available there.

Access-lists now use the real IP in the syntax for hosts that have static NAT entires. 8.2 and earlier used the public IP address.

View solution in original post

1 REPLY 1
Highlighted
Hall of Fame Guru

Yes the NAT syntax has all changed. There are dozens of articles on this. I recommend in particular Jouni Forss' writeup here:

https://supportforums.cisco.com/document/132066/asa-nat-83-nat-operation-and-configuration-format-cli

There is also a very good article at tunnelsup.com:

https://www.tunnelsup.com/nat-for-cisco-asas-version-8-3/

Also see the conversion tool that is available there.

Access-lists now use the real IP in the syntax for hosts that have static NAT entires. 8.2 and earlier used the public IP address.

View solution in original post

Content for Community-Ad