Solved: Migrate ASA 5510 8.3(2) to ASA 5515 9.1 NAT AND ACL CONFIGURATIONS

thegreatjmcp · ‎02-24-2017

Hello I want to migrate an ASA 5510 8.3(2) to an ASA 5515 9.1. I want to know if there are some changes in NAT syntax, for example I have a static nat define in the old asa like this:

nat (inside,outside) source static object network object network destination static object network object network

I want to know before I start the migration if there is some changes in the syntax.

Also I have an ACL define in the old ASA this way:

access-list name extended permit ip host x.x.x.x host x.x.x.x

Thanks for your advice beforehand

Marvin Rhoads · ‎02-25-2017

Yes the NAT syntax has all changed. There are dozens of articles on this. I recommend in particular Jouni Forss' writeup here:

https://supportforums.cisco.com/document/132066/asa-nat-83-nat-operation-and-configuration-format-cli

There is also a very good article at tunnelsup.com:

https://www.tunnelsup.com/nat-for-cisco-asas-version-8-3/

Also see the conversion tool that is available there.

Access-lists now use the real IP in the syntax for hosts that have static NAT entires. 8.2 and earlier used the public IP address.

View solution in original post

Marvin Rhoads · ‎02-25-2017