Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
221
Views
0
Helpful
1
Replies

nat conversion

ttnilicense
Level 1
Level 1

‎05-10-2018 02:40 AM - edited ‎02-21-2020 07:45 AM

Hi everyone,

 

Please help me on how to convert this 8.1 cisco asa configuration into 9.1.  Appreciate the help.

 

global (outsid) 2 150.x.x.x

nat (inside) 2 10.1.200.0 255.255.255.0 tcp 100 100

 

 

Labels:
0 Helpful
1 Reply 1

Florin Barhala
Level 6
Level 6

‎05-10-2018 05:06 AM

This should do it:

 

object network obj-150.x.x.x
host 150.x.x.x


object network obj-10.1.200.0
subnet 10.1.200.0 255.255.255.0


nat (inside,outside) source dynamic obj-10.1.200.0 obj-150.x.x.x

 

Documentation used:

https://www.cisco.com/c/en/us/td/docs/security/asa/asa82/configuration/guide/config/nat_dynamic.html

 

As for the last part (most interesting one): tcp 100 100 ; here's the answer:

 

The tcp option specifies the protocol at TCP.

The tcp_max_cons argument specifies the maximum number of simultaneous TCP connections allowed to the local-host (see the local-host command). The default is 0, which means unlimited connections. (Idle connections are closed after the idle timeout specified by the timeout conn command.)

The emb_limit option specifies the maximum number of embryonic connections per host. The default is 0, which means unlimited embryonic connections.

 

Martin pointed out couple years ago here:

 

The ability to limit this per NAT rule was deprecated with the overhaul of NAT functions in ASA 8.3.

Currently we can only limit connections globally or in policy maps using the "set connection" options. 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card