Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
635
Views
0
Helpful
1
Replies

Migrate ASA 5510 8.3(2) to ASA 5515 9.1 NAT AND ACL CONFIGURATIONS

Go to solution
thegreatjmcp
Level 1
Level 1

‎02-24-2017 03:03 PM - edited ‎02-21-2020 06:01 AM

Hello I want to migrate an ASA 5510 8.3(2) to an ASA 5515 9.1. I want to know if there are some changes in NAT syntax, for example I have a static nat define in the old asa like this:

nat (inside,outside) source static object network object network destination static object network object network

I want to know before I start the migration if there is some changes in the syntax.

Also I have an ACL define in the old ASA this way:

access-list name extended permit ip host x.x.x.x host x.x.x.x

Thanks for your advice beforehand

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎02-25-2017 06:37 AM

Yes the NAT syntax has all changed. There are dozens of articles on this. I recommend in particular Jouni Forss' writeup here:

https://supportforums.cisco.com/document/132066/asa-nat-83-nat-operation-and-configuration-format-cli

There is also a very good article at tunnelsup.com:

https://www.tunnelsup.com/nat-for-cisco-asas-version-8-3/

Also see the conversion tool that is available there.

Access-lists now use the real IP in the syntax for hosts that have static NAT entires. 8.2 and earlier used the public IP address.

View solution in original post

0 Helpful
1 Reply 1

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎02-25-2017 06:37 AM

Yes the NAT syntax has all changed. There are dozens of articles on this. I recommend in particular Jouni Forss' writeup here:

https://supportforums.cisco.com/document/132066/asa-nat-83-nat-operation-and-configuration-format-cli

There is also a very good article at tunnelsup.com:

https://www.tunnelsup.com/nat-for-cisco-asas-version-8-3/

Also see the conversion tool that is available there.

Access-lists now use the real IP in the syntax for hosts that have static NAT entires. 8.2 and earlier used the public IP address.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card