NAT problem after upgrading ASA from 8.2 to 9.1

roanlunner
Level 1

I have updated the ASA to ver 9.1 from 8.2. After copying the config in ASDM I found out that all the NAT statements were missing, hence I tried to configure NAT, but struggled due to the new format of commands. After configuring the NAT I tried to establish a site-to-site VPN tunnel with our main firewall but was unsuccessful; not sure if it's due to NAT or the tunnel configuration. I have copied the old config in 8.2 and the new config in 9.1.

Please somebody help me if I have configured it wrong.

Thanks in advance

Sana

Accepted Solutions

Aditya Ganjoo
Cisco Employee

Hi,

I do not think there is any config issue here.

Could you turn on the debugs on the ASA:

debug crypto ikev1 200

debug cry ipsec 200

Initiate traffic to the remote subnet and share the debugs.

Use undebug all to stop the debugs.

Regards,

Aditya

Please rate helpful posts and mark correct answers.

3 Replies

Cisco Freak
Level 4

Hi,

Can you please try changing your NAT statement to:

nat (inside,any) source static Inside Inside destination static sikker sikker no-proxy-arp route-lookup

CF

rsalahuddin
Level 1

Hi roanlunner - I had the same problem last year, moving our L2L tunnels from 8.2 code to 8.6.

8.6 and higher have NAT statement changes. From personal experience, I would suggest you use ASDM on the new 8.6 for at least one tunnel to see what the CLI difference is.

HTH,

Rez
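
The NAT syntax change the replies refer to, as an added example (not from the thread, any poster, or Cisco): this Python script rewrites an 8.2-style NAT exemption (`nat 0 access-list`) into network objects plus the twice-NAT identity form shown in the reply above. The sample config, the generated object names and the `outside` peer interface are assumptions; only plain `permit ip <net> <mask> <net> <mask>` ACL entries are handled.

```python
import ipaddress
import re

# Constructed 8.2-style sample; addresses, ACL and interface names are made up.
OLD_CONFIG = """\
access-list NONAT extended permit ip 192.168.10.0 255.255.255.0 10.20.0.0 255.255.0.0
access-list NONAT extended permit ip 192.168.10.0 255.255.255.0 10.30.5.0 255.255.255.0
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
nat (inside) 0 access-list NONAT
"""

IP = r"(\d+\.\d+\.\d+\.\d+)"
ACL_RE = re.compile(rf"^access-list (\S+) extended permit ip {IP} {IP} {IP} {IP}$")
NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)$")


def convert_nat_exempt(config, peer_if="outside"):
    """Turn 8.2 'nat 0 access-list' exemptions into 8.3+ twice-NAT lines."""
    acls, exemptions = {}, []
    for line in map(str.strip, config.splitlines()):
        if m := ACL_RE.match(line):
            acls.setdefault(m[1], []).append(m.groups()[1:])
        elif m := NAT0_RE.match(line):
            exemptions.append(m.groups())

    objects = {}  # object name -> (network, mask), in first-seen order

    def obj(net, mask):
        # Hypothetical naming scheme; strict parsing rejects host bits in the subnet.
        prefix = ipaddress.ip_network(f"{net}/{mask}").prefixlen
        name = f"NET_{net}_{prefix}"
        objects[name] = (net, mask)
        return name

    nat_lines = []
    for real_if, acl in exemptions:
        if acl not in acls:
            raise ValueError(f"nat 0 references ACL {acl!r} with no convertible entries")
        for src_net, src_mask, dst_net, dst_mask in acls[acl]:
            src, dst = obj(src_net, src_mask), obj(dst_net, dst_mask)
            nat_lines.append(f"nat ({real_if},{peer_if}) source static {src} {src} "
                             f"destination static {dst} {dst} no-proxy-arp route-lookup")

    out = []
    for name, (net, mask) in objects.items():
        out += [f"object network {name}", f" subnet {net} {mask}"]
    return out + nat_lines


if __name__ == "__main__":
    print("\n".join(convert_nat_exempt(OLD_CONFIG)))
```

Compare the generated `nat` lines with the crypto ACL for the tunnel: each exempted source/destination pair should match the traffic the VPN is meant to protect.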
