
old ASA conf to new firepower (ASA mode) nat issue

nvanhaute
Level 1

Hi,

I have an issue migrating from an old ASA to a new Firepower in ASA mode:

In my old ASA I have:

access-list inside_nat0_outbound extended permit ip any object-group rfc1918
nat (inside) 0 access-list inside_nat0_outbound

with

object-group network rfc1918
description Reseaux RFC1918
network-object 10.0.0.0 255.0.0.0
network-object 172.16.0.0 255.240.0.0
network-object 192.168.0.0 255.255.0.0
network-object 161.48.0.0 255.255.224.0

 

When I put this in the Firepower:

nat (inside) 0 access-list inside_nat0_outbound
ERROR: This syntax of nat command has been deprecated

 

Any idea what the new syntax is?

 

thanks

 

nico

Accepted Solution

Ruben Cocheno
Spotlight

@nvanhaute 

 

Here is a good example; just replicate it for the objects that you have.

 

nat (INSIDE) 0 access-list ACL-NONAT
access-list ACL-NONAT extended permit ip any host 172.16.200.203

 

object network OBJ-172.16.200.203
subnet 172.16.200.203 255.255.255.255

 

nat (INSIDE,any) 1 source static any any destination static OBJ-172.16.200.203 OBJ-172.16.200.203 no-proxy-arp description NONAT

Tag me to follow up.
Please mark it as Helpful and/or Solution Accepted if that is the case. Thanks for making Engineering easy again.
Connect with me for more on Linkedin https://www.linkedin.com/in/rubencocheno/


4 Replies

balaji.bandi
Hall of Fame

New syntax example:

 

nat (inside,any) source static any any

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi,

Thanks for your reply.

Correct me if I'm wrong, but if I understood correctly, in my case that should be:

 

nat (inside, any) 1 source static any any destination static rfc1918 rfc1918 no-proxy-arp

 

thanks

 

Nicolas

balaji.bandi
Hall of Fame

Since you have the object group rfc1918,

your syntax is correct as per your statement.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help
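
Added example (not part of the original thread, and not a Cisco tool): a small Python converter that applies the mapping discussed above, turning `nat (ifc) 0 access-list` exemptions into twice-NAT identity rules and flagging ACL entries it cannot translate safely. The `OBJ-<ip>` object naming, the use of `host` inside the object, and the incrementing rule position are assumptions; the referenced object-group (here rfc1918) must also be carried over to the new device.

```python
import re

NAT0 = re.compile(r"^nat \(([^\s,)]+)\) 0 access-list (\S+)$")
ACE = re.compile(r"^access-list (\S+) extended permit ip any "
                 r"(?:object-group (\S+)|host (\d{1,3}(?:\.\d{1,3}){3}))$")

def convert_nat0(config_text):
    """Translate pre-8.3 NAT exemption into 8.3+ twice-NAT identity rules.

    Returns (new_config_lines, lines_needing_manual_review).
    """
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    out, review = [], []
    position = 1  # explicit rule position, as in the thread's "nat (...) 1 ..."
    for ln in lines:
        nat = NAT0.match(ln)
        if not nat:
            continue
        ifc, acl = nat.groups()
        entries = [l for l in lines if l.startswith(f"access-list {acl} ")]
        if not entries:
            review.append(ln)  # NAT 0 refers to an ACL that is not in the input
        for entry in entries:
            ace = ACE.match(entry)
            if not ace:
                review.append(entry)  # e.g. specific source, deny, or port match
                continue
            _, group, host = ace.groups()
            dest = group
            if host:
                dest = f"OBJ-{host}"  # hypothetical naming, modelled on the thread
                out += [f"object network {dest}", f" host {host}"]
            out.append(f"nat ({ifc},any) {position} source static any any "
                       f"destination static {dest} {dest} no-proxy-arp")
            position += 1
    return out, review

# Constructed sample input based on the configuration quoted in the question.
OLD_CONFIG = """
access-list inside_nat0_outbound extended permit ip any object-group rfc1918
access-list inside_nat0_outbound extended permit ip any host 172.16.200.203
access-list inside_nat0_outbound extended permit tcp any any eq 443
nat (inside) 0 access-list inside_nat0_outbound
"""

if __name__ == "__main__":
    new, todo = convert_nat0(OLD_CONFIG)
    print("\n".join(new))
    for t in todo:
        print("! review manually:", t)
```

Entries reported for manual review are left untranslated on purpose: an exemption that is wider or narrower than the original changes which traffic bypasses translation.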
