cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
726
Views
0
Helpful
1
Replies

Migrate ASA 5510 8.3(2) to ASA 5515 9.1 NAT AND ACL CONFIGURATIONS

thegreatjmcp
Level 1
Level 1

Hello I want to migrate an ASA 5510 8.3(2) to an ASA 5515 9.1. I want to know if there are some changes in NAT syntax, for example I have a static nat define in the old asa like this:

nat (inside,outside) source static object network object network destination static object network object network

I want to know before I start the migration if there is some changes in the syntax.

Also I have an ACL define in the old ASA this way:

access-list name extended permit ip host x.x.x.x host x.x.x.x

Thanks for your advice beforehand

1 Accepted Solution

Accepted Solutions

Marvin Rhoads
Hall of Fame
Hall of Fame

Yes the NAT syntax has all changed. There are dozens of articles on this. I recommend in particular Jouni Forss' writeup here:

https://supportforums.cisco.com/document/132066/asa-nat-83-nat-operation-and-configuration-format-cli

There is also a very good article at tunnelsup.com:

https://www.tunnelsup.com/nat-for-cisco-asas-version-8-3/

Also see the conversion tool that is available there.

Access-lists now use the real IP in the syntax for hosts that have static NAT entires. 8.2 and earlier used the public IP address.

View solution in original post

1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

Yes the NAT syntax has all changed. There are dozens of articles on this. I recommend in particular Jouni Forss' writeup here:

https://supportforums.cisco.com/document/132066/asa-nat-83-nat-operation-and-configuration-format-cli

There is also a very good article at tunnelsup.com:

https://www.tunnelsup.com/nat-for-cisco-asas-version-8-3/

Also see the conversion tool that is available there.

Access-lists now use the real IP in the syntax for hosts that have static NAT entires. 8.2 and earlier used the public IP address.

Review Cisco Networking for a $25 gift card