Nat Migration

macboy276 · ‎06-08-2015

I am migrating from asa 5505 to 5512, i would like to know how do i write nat commands in new version

nat (outside) 1 NEW_VPN_POOL 255.255.255.0

nat (inside) 0 access-list inside_nat0_outbound

nat (inside) 1 Inside_Subnet 255.255.255.0

nat (dmz) 0 access-list dmz_nat0_outbound

nat (dmz) 2 DMZ_Subnet 255.255.255.0

nat (asainside) 0 access-list asainside_nat0_outbound

nat (asainside) 1 192.168.4.0 255.255.255.0

nat (Internal_LAN) 1 172.168.1.0 255.255.255.0

static (dmz,outside) 12.14.12.31 VPN_3005 netmask 255.255.255.255

static (inside,dmz) 192.168.2.73 serverDC2 netmask 255.255.255.255

static (outside,inside) VTC VTC_Outside netmask 255.255.255.255

static (Internal_LAN,inside) 172.168.1.0 172.168.1.0 netmask 255.255.255.255

static (inside,outside) 99.99.99.12 SERVERVMSEC netmask 255.255.255.255

Akshay Rastogi · ‎06-13-2015

Hi,

- First step, you need to create objects or object-groups for your concerned hosts or subnet. You need to use these objects in NAT statements in version 8.3 or above.

- For NAT Exempt statements, you could use TWICE/MANUAL NAT by keeping same objects in Real and Mapped portion of NAT statement.

- For Dynamic NAT statements, you could create Dynamic AUTO/Object NAT.

- For Static NAT Statements, you could create Static AUTO/Object NAT.

Please use the link below to understand and perform the same:

Creating Objects/ Object-group:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/general/asa_91_general_config/acl_objects.html

Object NAT:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/firewall/asa_91_firewall_config/nat_objects.html

Twice NAT:

http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/configuration/firewall/asa_91_firewall_config/nat_rules.html

Please let me know if you have any query.

Thanks & Regards,

Akshay Rastogi