05-24-2017 09:44 PM - edited 03-12-2019 02:24 AM
Hello,
I have the following config on my old ASA5510 running 7.2. This is part of a site-to-site VPN config.
nat (inside) 0 access-list no_nat
access-list no_nat line 1 extended permit ip 192.168.22.0 255.255.255.0 host 10.125.125.15
access-list no_nat line 1 extended permit ip 192.168.22.0 255.255.255.0 host 10.125.125.16
access-list no_nat line 1 extended permit ip 192.168.22.0 255.255.255.0 host 10.125.125.17
access-list no_nat line 1 extended permit ip 192.168.22.0 255.255.255.0 host 10.125.125.18
We are moving to an ASA 5506 running 9.1 and the above does not work, I get an error message saying the command for the nat 0 statement has been depreciated. Please help me with the correct config for 9.1.
Thanks,
Mitchell
Solved! Go to Solution.
05-24-2017 11:59 PM
Hi,
The nat structure completely changed after 8.3. You can replace this with twice-nat in ASA.
e.g.
nat (in,out) source static 192.168.22.0_object 192.168.22.0_object destination static 10.125.125.0_object 10.125.125.0_object
You need to create the object-groups or objects before the nat statement and you need to locate in/out interfaces based on the routing
05-24-2017 11:59 PM
Hi,
The nat structure completely changed after 8.3. You can replace this with twice-nat in ASA.
e.g.
nat (in,out) source static 192.168.22.0_object 192.168.22.0_object destination static 10.125.125.0_object 10.125.125.0_object
You need to create the object-groups or objects before the nat statement and you need to locate in/out interfaces based on the routing
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide