Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
364
Views
0
Helpful
4
Replies

NAT command conversion from PIX 6.3 to ASA 5510

HNIN LEI SOE
Level 1
Level 1

‎04-16-2016 07:45 AM - edited ‎03-12-2019 12:37 AM

Hello,

Please someone help me to convert below PIX 6.3 NAT command to ASA.

interface ethernet0 auto
interface ethernet1 auto
nameif ethernet0 outside security0
nameif ethernet1 inside security100

static (inside,outside) 10.164.3.3 10.164.3.3 netmask 255.255.255.255

Thanks.

Labels:
0 Helpful
4 Replies 4

Marius Gunnerud
VIP
VIP

‎04-16-2016 08:03 AM

You are just NATing the IP to itself here.  is this for a VPN connection?

In PIX you were forced to NAT unless you disable NAT control.  NAT control is no longer an issue you need to consider, so traffic will pass through the ASA with out needing to have a NAT statement.

Now, if you have a dynamic NAT on the outside interface for internet traffic and this traffic is going towards a network over a VPN then you need to have an identity NAT configured.  But before we get into that we should identify what you are trying to do with this NAT statement first.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

HNIN LEI SOE
Level 1
Level 1
In response to Marius Gunnerud

‎04-16-2016 08:34 AM

Hello Marius,

I don't know exactly the meaning of pix configuration which was my senior implemented who left already. But now I have to migrate the current PIX config to the new ASA 5510. the problem is Nat commands are different between PIX 6.3 to ASA 5510. Please help me how to convert this command from PIX 6.3 "static (inside,outside) 10.164.3.3 10.164.3.3 netmask 255.255.255.255 "that was unable to type on ASA. other settings are work well.

Thanks.

0 Helpful

Marius Gunnerud
VIP
VIP
In response to HNIN LEI SOE

‎04-16-2016 08:43 AM

You can convert it to:

object network <objectname>

  host 10.164.3.3

  nat (inside,outside) static 10.1.164.3.3

I suggest you learn more about the setup, as configuring a firewall incorrectly is a security risk.

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful

HNIN LEI SOE
Level 1
Level 1
In response to Marius Gunnerud

‎04-16-2016 08:50 AM

Hello Marius,

Thank you very much for your answer and advise :).

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card