Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1296
Views
10
Helpful
4
Replies

Policy NAT/PAT in 8.4

Go to solution
mdr.ahamedb
Level 1
Level 1

‎01-05-2017 09:11 PM - edited ‎03-12-2019 01:44 AM

Hi,

I would like to know the Policy PAT/NAT configuration in ASA 8.4. I have the below config of ASA 8.2.

If we upgrade the ASA 8.2(5) to ASA 8.4(5), will the policy NAT/PAT gets auto converted or do we need to do manually after migration.

Also what is the config that will not be auto converted after upgraded to ASA8.4(5).

Config:

=====

interface Vlan1

 nameif inside

 security-level 100

 ip address 192.168.182.1 255.255.255.0

no shutdown

!

interface Vlan2

 nameif outside

 security-level 0

 ip address 11.1.1.2 255.255.255.0

no shutdown

object-group network Remote

host 20.2.2.20

host 30.3.3.30

access-list nat1 extended permit tcp host 192.168.182.12 object-group Remote eq 1000

global (outside) 1 interface

nat (inside) 1 access-list nat1

=======================

Thanks in Advance.

1 person had this problem
Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Pranay Prasoon
Level 3
Level 3

‎01-05-2017 10:58 PM

Hi,

ASA will take care of the automatic conversion of NAT. Policy based NAT is configured as dual NAT on ASA 8.3+.

Something like

nat (inside,outside) source dynamic 192.168.182.12-obj interface destination static object-group object-group service object-1000 object-1000

Note:- Name for source and destination object and service can be different

View solution in original post

4 Replies 4

Go to solution
Pranay Prasoon
Level 3
Level 3

‎01-05-2017 10:58 PM

Hi,

ASA will take care of the automatic conversion of NAT. Policy based NAT is configured as dual NAT on ASA 8.3+.

Something like

nat (inside,outside) source dynamic 192.168.182.12-obj interface destination static object-group object-group service object-1000 object-1000

Note:- Name for source and destination object and service can be different

Go to solution
mdr.ahamedb
Level 1
Level 1
In response to Pranay Prasoon

‎01-07-2017 04:57 AM

HI Pranay,

Thank you for the help.

How about the ACL's, in ASA 8.2 we have ACL's with Public IP as destination when the traffic is fro OUTSIDE to INSIDE. Will that be auto converted when we upgrade to ASA 8.4, because in ASA 8.4 the destination IP should be Real IP when the traffic is OUTSIDE to INSIDE.

Thank you.

0 Helpful

Go to solution
mdr.ahamedb
Level 1
Level 1
In response to Peter Koltl

‎01-07-2017 08:44 AM

Thank you Peter for sharing the information.

So when we upgrade to 8.4 acl's, static nat will be automatically converted. Policy nat/pat should be manually configured  

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card