02-25-2020 07:15 AM
Good day experts.
Could someone assist me with how I can convert configs on a router to an ASA firewall running 8.6 code?
I have managed to convert most of the configs, but the ones below seem challenging. This NATing and overloading is not making sense, but it works on the router currently.
Access-list 111 is also being called upon on a VPN as interesting traffic. The VPN I managed to bring up. Just this below.
NAT
ip nat pool SERVERS 192.168.10.50 192.168.10.50 prefix-length 24
ip nat inside source static tcp 10.10.10.50 80 interface GigabitEthernet0/1 80
ip nat inside source list 111 pool SERVERS overload
ACL
access-list 111 permit ip host 10.10.10.50 host 172.20.1.66
access-list 111 permit ip host 10.10.10.50 host 172.20.1.71
access-list 111 permit ip host 10.10.10.50 host 172.20.1.72
access-list 111 permit ip host 10.10.10.50 host 172.20.1.73
I kind of don't follow what's happening here... and worse, converting it to ASA...
Thanks in advance, expert
02-25-2020 07:35 AM
Try this
object-group network Source-Group
 network-object host 10.10.10.50
!
object-group network Source-NAT-Group
 network-object host 192.168.10.50
!
object-group network Destination-Group
 network-object host 172.20.1.66
 network-object host 172.20.1.71
 network-object host 172.20.1.72
 network-object host 172.20.1.73
!
! In the (inside,outside) direction the server's port 80 is the source port
object service obj-http
 service tcp source eq 80
!
nat (inside,outside) source static Source-Group interface service obj-http obj-http
nat (inside,outside) source static Source-Group Source-NAT-Group destination static Destination-Group Destination-Group
Rate for helpful post
02-25-2020 07:45 AM
Hello
You're right, it seems that overload doesn't make sense here.
Can you post the result of "sh ip nat translation" on the router with traffic established from the server?
Thank you
02-26-2020 11:04 AM
@Pawan Raut Thank you for the config, will test and share the result.
@Jerome BERTHIER Let me log in and paste the NAT translation here. Thank you for the quick response.
02-20-2023 09:04 AM
Hello,
I know it has been a while since you posted this, but what tool did you use to convert access lists from router to ASA firewall, please?
Many thanks