Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
365
Views
0
Helpful
4
Replies

NATTING for 9.5

adamgibs7
Level 6
Level 6

‎03-29-2016 10:34 AM - edited ‎03-12-2019 12:33 AM

Dear

I have migrated from 8.2 to 9.2 i have verified the configuration it has been migrated properly but I see lots of below commands not for only inside and DMZ but for others interfaces also, ,

object network obj_any

subnet 0.0.0.0 0.0.0.0  -------this means in subnet ip address if I am not wrong any ip address ???

object network obj-0.0.0.0

host 0.0.0.0 -----what does this means any host with any ip address ????

COMMANDS

object network obj_any
 subnet 0.0.0.0 0.0.0.0

object network obj_any
 nat (INSIDE,DMZ) dynamic obj-0.0.0.0

object network obj-0.0.0.0
 host 0.0.0.0

object network obj_any
 nat (INSIDE,DMZ) dynamic obj-0.0.0.0

Labels:
0 Helpful
4 Replies 4

Henrik Grankvist
Level 4
Level 4

‎03-29-2016 11:31 AM

Hello

In pre-8.3 code you had to NAT all the traffic if using nat-control eventhough you didn't have to NAT that traffic, if for example you had public IP adresses in the DMZ.

So that config is dynamic identity NAT, meaning you NAT the traffic to its own IP address, which is the same thing as doing nothing.

You can remove those NAT commands without effecting anything.

0 Helpful

adamgibs7
Level 6
Level 6
In response to Henrik Grankvist

‎03-30-2016 10:23 PM

Thanks Henrick and Marco

when I migrated to 9.5 all my access-list are showing me like below, but in startup config I can see the IP address.any ideas please.

access-list DMZ extended permit tcp host :: host :: eq www

0 Helpful

adamgibs7
Level 6
Level 6
In response to adamgibs7

‎04-01-2016 05:03 AM

anybody can help me for the above query

0 Helpful

Marco Soeder-Schuettler
Level 1
Level 1

‎03-29-2016 01:13 PM

Hi, 

have you done the recommended upgrade Path?

This example Path is for ASA5505

From 8.2 first Upgrade to 8.2(5) the last pre8.3 IOS.

In next step auto migrate to 8.4(7), here all NAT statements will be converted, after these step test functions.

Auto migrate now to 9.0(4) and then to 9.2(4) latest. In these upgade step for example encryption statements were converted (like isakmo to ikev1 etc.) and IPv6 features were implemented and some more.

For other Hardware search in ASA IOS Software for the latest IOS and recommended Upgrade steps.

I´ve done some of these upgrades last time without any problems.

Regards

Marco

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card