Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
368
Views
0
Helpful
1
Replies

NAT on PIX 6.3 to ASA 9.2

matthewatt
Level 1
Level 1

‎09-06-2017 12:43 PM - edited ‎02-21-2020 06:16 AM

I've got an old PIX running 6.3 code. Finally upgrading to an ASA 5515 running 9.2 code. I can't keep up with all the NAT changes that have taken place through the years. I have several of basically no nat statements on the PIX, like below:

 

static (inside,Lab) 172.16.128.100 172.16.128.100 netmask 255.255.255.255

static (inside,Lab) 172.16.128.101 172.16.128.101 netmask 255.255.255.255

static (inside,Lab) 172.16.128.102 172.16.128.102 netmask 255.255.255.255

 

When configuring the ASA, do I need any statements at all to account for this "no nat", does the ASA simply not nat by default, or do I need explicit no nat statements? If I need a statement, can I get an example of what one of mine would look like? Thank you in advance

Labels:
0 Helpful
1 Reply 1

Maykol Rojas
Cisco Employee
Cisco Employee

‎09-07-2017 03:05 PM

The reason why you used to do that on the old pix was due to "Nat-control" which basically forced you to have a NAT statement for everyplace you went. 

 

After version 7.2, NAT-control is disabled and those NATs are not needed anymore. In version 9.2 is the same thing, if you do not have those nat statements configured, by default it will use its own address without the need for the NAT statement. 

 

Hope this makes sense. 

 

Mike. 

Mike
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card