
NAT from version 7.2 to 8.6 with ACLs

tgut
Level 1

Hello everybody,

I am so confused about the new changes in the command lines from ASA ver 7.2 to 8.6.

In some cases I've found some tools to translate NAT, for example:

global (outside) 1 interface

nat (inside) 0 access-list NONAT

nat (inside) 1 0.0.0.0 0.0.0.0

where the new command line is:

object network obj-any_inside-outside

subnet 0.0.0.0 0.0.0.0

nat (inside,outside) dynamic interface

I think that is OK, but it is not shown how to apply the ACL:

access-list NONAT extended permit ip interface outside 172.16.xxx.xxx 255.255.255.224

access-list NONAT extended permit ip 172.16.xxx.xxx 255.255.255.0 10.166.xxx.xxx 255.255.255.0

access-list NONAT extended permit ip object-group OG-MY_INTERNAL_NETWORK 10.161.xxx.0 255.255.252.0

In other lines, this is the old config:

static (inside,outside) 10.75.5.75 access-list MY-ACL

access-list MY-ACL extended permit ip host 10.161.xxx.xxx host 172.20.xxx.xxx

I have read some links, but I really cannot clarify how to accommodate these lines to the new version.

Can you help me?

I appreciate any help to resolve this change in the configuration on the new version.

Thanks in advance

Rolando Gutierrez


Julio Carvajal
VIP Alumni

Hi Rolando,

access-list NONAT extended permit ip 172.16.xxx.xxx 255.255.255.0 10.166.xxx.xxx 255.255.255.0

nat (inside) 0 access-list NONAT

object network 172.16.X.X

subnet 172.16.x.x

object network 166.x.x.x

subnet 166.x.x.x

nat (inside,outside) source static 172.16.X.X 172.16.X.X destination static 166.x.x.x 166.x.x.x

static (inside,outside) 10.75.5.75 access-list MY-ACL

access-list MY-ACL extended permit ip host 10.161.xxx.xxx host 172.20.xxx.xxx

object network A

host 10.75.5.75

object network B

host 10.161.x.x

object network C

host 172.20.x.x

nat (inside,outside) source static B A destination static C C

Regards,

Julio

Remember to rate all of the helpful posts

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC

Thanks for your answer!

I really appreciate it!

Regards,

RG
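
The pattern in Julio's answer (one identity twice-NAT rule per NONAT entry), as an added example that is not part of the original posts or any Cisco tool: a small Python helper that turns `nat 0 access-list` entries into 8.3+ object definitions and `source static ... destination static ...` rules. The `obj-` names and sample addresses are constructed; entries using `interface` or `any` are returned for manual review rather than converted.

```python
# Added example: rewrite pre-8.3 "nat 0 access-list" entries as 8.3+ twice-NAT
# identity rules. Object names (obj-...) and sample addresses are constructed.
def parse_endpoint(tokens):
    """Consume one ACL address spec; return (kind, value), or None if unsupported."""
    head = tokens.pop(0)
    if head == "host":
        return ("host", tokens.pop(0))
    if head == "object-group":
        return ("group", tokens.pop(0))
    if head in ("any", "interface"):
        return None  # not converted by this example; left for manual review
    return ("subnet", f"{head} {tokens.pop(0)}")  # "<address> <mask>"

def exempt_to_twice_nat(acl_lines, real_if="inside", mapped_if="outside"):
    """Return (config_lines, lines_needing_manual_review)."""
    objects, rules, review = {}, [], []
    def ref(endpoint):
        kind, value = endpoint
        if kind == "group":
            return value  # an existing object-group is referenced by name
        name = "obj-" + value.replace(" ", "_")
        objects[name] = f" {kind} {value}"
        return name
    for line in acl_lines:
        tokens = line.split()
        rest = tokens[5:]
        try:
            ok = tokens[0] == "access-list" and tokens[2:5] == ["extended", "permit", "ip"]
            src = parse_endpoint(rest) if ok else None
            dst = parse_endpoint(rest) if src else None
        except IndexError:
            src = dst = None
        if not src or not dst or rest:  # unsupported, truncated, or trailing options
            review.append(line)
            continue
        s, d = ref(src), ref(dst)
        rules.append(f"nat ({real_if},{mapped_if}) source static {s} {s} "
                     f"destination static {d} {d}")
    config = [l for name, body in objects.items() for l in (f"object network {name}", body)]
    return config + rules, review

SAMPLE_NONAT = [  # constructed entries in the shape of the NONAT ACL in the question
    "access-list NONAT extended permit ip interface outside 172.16.30.0 255.255.255.224",
    "access-list NONAT extended permit ip 172.16.10.0 255.255.255.0 10.166.20.0 255.255.255.0",
    "access-list NONAT extended permit ip object-group OG-MY_INTERNAL_NETWORK 10.161.4.0 255.255.252.0",
]

if __name__ == "__main__":
    config, review = exempt_to_twice_nat(SAMPLE_NONAT)
    print("\n".join(config + ["! review manually: " + l for l in review]))
```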
