Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1408
Views
0
Helpful
3
Replies

moving nat rules from asa to fmc?

baselzind
Level 6
Level 6

‎09-05-2019 01:05 AM - edited ‎02-21-2020 09:27 AM

i need to move asa 5520 9.1(7)11 config onto fmc , for the natting i have many natting rules on the asa that doesnt change the source or destination ip and im puzzled whether i need to move them or not into fmc?

0 Helpful
3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

‎09-05-2019 02:42 AM

Those would most likely be identity NAT (also known as NAT exemption) rules. They typically continue to be needed as they exempt traffic from a more general NAT rule later in the config.

0 Helpful

Puneesh Chhabra
Cisco Employee
Cisco Employee

‎09-05-2019 02:50 AM

If you do not have any overlapping NATs, you do not need to put the NAT exempts.  For migration process and other caveats, you can go through the documentation for FTD migration tool:

 

https://www.cisco.com/c/en/us/td/docs/security/firepower/migration-tool/migration-guide/ASA2FTD-with-FP-Migration-Tool/b_Migration_Guide_ASA2FTD_chapter_00.html

 

Regards,

Puneesh

 

Please rate helpful posts

0 Helpful

Alessandro Roberto Alves
Level 1
Level 1

‎09-05-2019 08:57 AM

Will you migrate from ASA to FTD too?

If so, yes, you will need to move the NATs to the FMC. You can use Cisco's own Firepower Migration Tool to migrate settings.

Hope this helps.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card