01-05-2017 09:11 PM - edited 03-12-2019 01:44 AM
Hi,
I would like to know the Policy PAT/NAT configuration in ASA 8.4. I have the below config of ASA 8.2.
If we upgrade the ASA 8.2(5) to ASA 8.4(5), will the policy NAT/PAT gets auto converted or do we need to do manually after migration.
Also what is the config that will not be auto converted after upgraded to ASA8.4(5).
Config:
=====
interface Vlan1
nameif inside
security-level 100
ip address 192.168.182.1 255.255.255.0
no shutdown
!
interface Vlan2
nameif outside
security-level 0
ip address 11.1.1.2 255.255.255.0
no shutdown
object-group network Remote
host 20.2.2.20
host 30.3.3.30
access-list nat1 extended permit tcp host 192.168.182.12 object-group Remote eq 1000
global (outside) 1 interface
nat (inside) 1 access-list nat1
=======================
Thanks in Advance.
Solved! Go to Solution.
01-05-2017 10:58 PM
Hi,
ASA will take care of the automatic conversion of NAT. Policy based NAT is configured as dual NAT on ASA 8.3+.
Something like
nat (inside,outside) source dynamic 192.168.182.12-obj interface destination static object-group object-group service object-1000 object-1000
Note:- Name for source and destination object and service can be different
01-07-2017 08:15 AM
Addresses will be converted to real addresses:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa83/upgrading/migrating.html#22363
01-05-2017 10:58 PM
Hi,
ASA will take care of the automatic conversion of NAT. Policy based NAT is configured as dual NAT on ASA 8.3+.
Something like
nat (inside,outside) source dynamic 192.168.182.12-obj interface destination static object-group object-group service object-1000 object-1000
Note:- Name for source and destination object and service can be different
01-07-2017 04:57 AM
HI Pranay,
Thank you for the help.
How about the ACL's, in ASA 8.2 we have ACL's with Public IP as destination when the traffic is fro OUTSIDE to INSIDE. Will that be auto converted when we upgrade to ASA 8.4, because in ASA 8.4 the destination IP should be Real IP when the traffic is OUTSIDE to INSIDE.
Thank you.
01-07-2017 08:15 AM
Addresses will be converted to real addresses:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa83/upgrading/migrating.html#22363
01-07-2017 08:44 AM
Thank you Peter for sharing the information.
So when we upgrade to 8.4 acl's, static nat will be automatically converted. Policy nat/pat should be manually configured
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide