09-09-2020 02:31 AM
hi,
I have an issue migrating from an old ASA to a new Firepower in ASA mode:
In my old ASA I have:
access-list inside_nat0_outbound extended permit ip any object-group rfc1918
nat (inside) 0 access-list inside_nat0_outbound
with
object-group network rfc1918
 description Reseaux RFC1918
 network-object 10.0.0.0 255.0.0.0
 network-object 172.16.0.0 255.240.0.0
 network-object 192.168.0.0 255.255.0.0
 network-object 161.48.0.0 255.255.224.0
when I put this in Firepower:
nat (inside) 0 access-list inside_nat0_outbound
ERROR: This syntax of nat command has been deprecated
any idea what the new syntax is?
thanks
nico
09-09-2020 03:55 AM
here is a good example, just replicate for the objects that you have
nat (INSIDE) 0 access-list ACL-NONAT
access-list ACL-NONAT extended permit ip any host 172.16.200.203
object network OBJ-172.16.200.203
 subnet 172.16.200.203 255.255.255.255
nat (INSIDE,any) 1 source static any any destination static OBJ-172.16.200.203 OBJ-172.16.200.203 no-proxy-arp description NONAT
09-09-2020 03:46 AM
new syntax example:
nat (inside,any) source static any any
09-09-2020 04:08 AM
hi
thanks for your reply
Can you correct me if I'm wrong? If I understood correctly, in my case that should be:
nat (inside,any) 1 source static any any destination static rfc1918 rfc1918 no-proxy-arp
thanks
Nicolas
09-09-2020 04:43 AM
since you have the object group rfc1918,
your syntax is correct as per your statement.
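
Added example, not part of the thread: a Python sketch that applies the mapping from the replies above, turning each `nat (if) 0 access-list` statement into the identity twice-NAT rules shown there. The names `convert_nat_exemption` and `OLD_CONFIG` are hypothetical, host objects are written with `host` rather than a /32 `subnet`, and only the two ACL forms seen in this thread (`any` to an object-group, `any` to a host) are handled; anything else raises an error so that no exemption is silently dropped or widened.

```python
import re

# Constructed sample: the pre-8.3 exemption from the question plus the host
# entry from the accepted reply.
OLD_CONFIG = """\
object-group network rfc1918
 network-object 10.0.0.0 255.0.0.0
 network-object 172.16.0.0 255.240.0.0
 network-object 192.168.0.0 255.255.0.0
access-list inside_nat0_outbound extended permit ip any object-group rfc1918
access-list inside_nat0_outbound extended permit ip any host 172.16.200.203
nat (inside) 0 access-list inside_nat0_outbound
"""

def convert_nat_exemption(old_config):
    """Return new-syntax lines for every `nat (if) 0 access-list` statement."""
    lines = [l.strip() for l in old_config.splitlines() if l.strip()]
    groups = {l.split()[2] for l in lines if l.startswith("object-group network ")}
    acls = {}  # ACL name -> destination token lists, in configured order
    for l in lines:
        m = re.match(r"access-list (\S+) extended permit ip any (.+)$", l)
        if m:
            acls.setdefault(m.group(1), []).append(m.group(2).split())
        elif l.startswith("access-list "):
            # deny, remark, non-ip or non-any source: mark for manual review
            acls.setdefault(l.split()[1], []).append(None)
    objects, rules = [], []
    for l in lines:
        m = re.match(r"nat \((\S+)\) 0 access-list (\S+)$", l)
        if not m:
            continue
        iface, acl = m.groups()
        if acl not in acls:
            raise ValueError(f"ACL {acl} is not defined")
        for dst in acls[acl]:
            if dst and len(dst) == 2 and dst[0] == "object-group" and dst[1] in groups:
                name = dst[1]  # the existing object-group is reused unchanged
            elif dst and len(dst) == 2 and dst[0] == "host":
                name = f"OBJ-{dst[1]}"
                objects += [f"object network {name}", f" host {dst[1]}"]
            else:
                raise ValueError(f"unsupported entry in {acl}; convert by hand")
            rules.append(f"nat ({iface},any) {len(rules) + 1} source static any any "
                         f"destination static {name} {name} no-proxy-arp")
    return objects + rules

if __name__ == "__main__":
    print("\n".join(convert_nat_exemption(OLD_CONFIG)))
```

The object-group definition itself carries over to the new configuration unchanged, so the script does not emit it again.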