Traffic doesn't go through after upgrading ASA from 8.2 to 8.4

Rizal Ferdiyan
Level 1

Guys,

Can you help, or do you have any idea?

I have a network topology like this:

RouterINET(1) <---> (2)ASA(3) <--> (4)LAN(5)

Before I upgraded the Cisco ASA IOS, traffic could go through from LAN (interface 5) to RouterINET (interface 1), but after I upgraded the Cisco ASA from 8.2 to 8.4, traffic doesn't go through from LAN (interface 5) to RouterINET (interface 1). What happened, guys? Do you have any idea?

As far as I know, when upgrading the Cisco ASA IOS from 8.2 to 8.4, the configuration is converted automatically.

NB: my configuration file doesn't have any NAT configuration.

Best Regards,

Rizal Ferdiyan

8 Replies

Jennifer Halim
Cisco Employee

Please share the configuration before and after the upgrade; there is a possibility that some config might not have been migrated correctly.

Dear Jennifer,

Thank you for your response.

Below is my configuration file:

Hi Rizal,

It seems like the upgrade didn't go well; the access-list did not migrate completely:

Pre 8.3:

access-list OUTSIDE_access_in extended permit ip any any
access-list OUTSIDE_access_in extended deny ip object-group Block_IP any
access-list OUTSIDE_access_in extended deny ip object-group eSVR_Worm_Gundar host Public_eSVR_IMSS
access-list OUTSIDE_access_in extended permit object-group DM_INLINE_SERVICE_15 any object-group DM_INLINE_NETWORK_18
access-list OUTSIDE_access_in extended permit object-group DM_INLINE_SERVICE_16 any host Public_iSVR_ExDev
access-list OUTSIDE_access_in extended permit object-group DM_INLINE_SERVICE_17 any host Public_eSVR_BSMNet_Bkp
access-list OUTSIDE_access_in extended permit tcp any host Public_eSVR_IMSS eq smtp
access-list OUTSIDE_access_in extended permit object-group DM_INLINE_SERVICE_18 any host Public_eSVR_MBG
access-list OUTSIDE_access_in extended permit object-group DM_INLINE_SERVICE_19 host 202.155.119.168 host Public_iSVR_MsgCenter
access-list OUTSIDE_access_in extended permit object-group TCPUDP any host Public_iSVR_Ebdesk eq www
access-list OUTSIDE_access_in extended permit object-group DM_INLINE_SERVICE_20 any host Public_iSVR_ExHub
access-list OUTSIDE_access_in extended permit object-group DM_INLINE_SERVICE_22 any host Public_iSVR_IPExHub1
access-list OUTSIDE_access_in extended permit object-group DM_INLINE_SERVICE_21 any host Public_iSVR_IPExHub2
access-list OUTSIDE_access_in extended permit object-group DM_INLINE_SERVICE_31 any host Public_iSVR_OPManager
access-list OUTSIDE_access_in extended permit object-group DM_INLINE_SERVICE_23 any host Public_iSVR_Ababil
access-list OUTSIDE_access_in extended permit object-group DM_INLINE_SERVICE_24 any host Public_eSVR_BSMNet_Bkp
access-list OUTSIDE_access_in extended permit object-group DM_INLINE_SERVICE_25 any host Public_eSVR_Netwave
access-list OUTSIDE_access_in extended permit ip any object-group DM_INLINE_NETWORK_19

Post 8.3:

access-list OUTSIDE_access_in extended permit ip any any
access-list OUTSIDE_access_in extended deny ip object-group Block_IP any
access-list OUTSIDE_access_in extended permit ip any object-group DM_INLINE_NETWORK_19
access-list OUTSIDE_access_in extended deny ip any any
access-list OUTSIDE_access_in extended permit object-group DM_INLINE_SERVICE_15 any object-group DM_INLINE_NETWORK_18
access-list OUTSIDE_access_in extended permit object-group DM_INLINE_SERVICE_17 any host 202.152.24.104
access-list OUTSIDE_access_in extended permit object-group DM_INLINE_SERVICE_19 host 202.155.119.168 host 103.246.169.12
access-list OUTSIDE_access_in extended permit object-group DM_INLINE_SERVICE_23 any object Public_iDST_Erik

You need to delete the deny access-list as well.

None of your NAT statements got migrated either:

Pre 8.3:

global (OUTSIDE) 1 Public_UserBypass netmask 255.255.255.255
static (CMS,OUTSIDE) Public_eSVR_BSMNet_Bkp iSVR_BSM_Net netmask 255.255.255.255
static (DMZ,OUTSIDE) Public_eSVR_IMSS eSVR_IMSVA netmask 255.255.255.255
static (DMZ,OUTSIDE) Public_eSVR_MBG eSVR_MBG netmask 255.255.255.255
static (INSIDE,OUTSIDE) Public_eSVR_Netwave eSVR_Netwave netmask 255.255.255.255
static (INSIDE,OUTSIDE) Public_iDST_Erik iDST_Erik netmask 255.255.255.255
static (INSIDE,OUTSIDE) Public_iSVR_Ababil iSVR_Ababil netmask 255.255.255.255
static (INSIDE,OUTSIDE) Public_iSVR_Ebdesk iSVR_Ebdesk netmask 255.255.255.255
static (INSIDE,OUTSIDE) Public_iSVR_ExDev iSVR_Ex_Dev netmask 255.255.255.255
static (INSIDE,OUTSIDE) Public_iSVR_ExHub iSVR_Ex_Hub netmask 255.255.255.255
static (INSIDE,OUTSIDE) Public_iSVR_IPExHub1 iSVR_IP_Ex_Hub1 netmask 255.255.255.255
static (INSIDE,OUTSIDE) Public_iSVR_IPExHub2 iSVR_IP_Ex_Hub2 netmask 255.255.255.255
static (IPS,OUTSIDE) Public_iSVR_IPS BSM_ASA_5550_IPS netmask 255.255.255.255
static (INSIDE,OUTSIDE) Public_iSVR_IWSVA iSVR_IWSVA netmask 255.255.255.255
static (INSIDE,OUTSIDE) Public_iSVR_OPManager iSVR_OPManager netmask 255.255.255.255
static (INSIDE,OUTSIDE) Public_iSVR_MsgCenter iSVR_MsgCenter netmask 255.255.255.255
static (INSIDE,OUTSIDE) Public_iSVR_Proxy iSVR_Proxy netmask 255.255.255.255
static (OUTSIDE,INSIDE) iRTR_Inet_BSM iRTR_Inet_BSM netmask 255.255.255.255

Post 8.3 you do not have any of the NAT statements.

For the upgrade, please make sure you first do a "no names" and "no nat-control", and then upgrade the software version again.

Let me know if you have any issues.

Thanks,

Varun


Ok Varun,

I will try to convert again. By the way, what is the purpose of the "no names" command?

Best Regards,

Rizal Ferdiyan

Well, if your IP addresses have names assigned to them, then during conversion it creates a problem for the firewall to convert the names; it looks for IP addresses to be converted to network objects in 8.4. So you should not be using names during conversion. Once the conversion is done, you can put the names back by using the command "names", so it does not make you lose anything.

Thanks,

Varun

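A check for the two problems Varun describes above (an 8.2 "static" that never became 8.3+ object NAT, and ACEs that vanished or appeared during migration, with 8.3+ ACLs having to reference the real address instead of the mapped one). This is an added example, not code from the thread or from Cisco; the name-to-IP values are hypothetical, since the real addresses are not in the thread.

```python
import re
from typing import Dict, List, Tuple

# 8.2 host static: static (REAL_IF,MAPPED_IF) MAPPED REAL netmask 255.255.255.255
STATIC_RE = re.compile(
    r"^static \((?P<real_if>[^,]+),(?P<mapped_if>[^)]+)\) "
    r"(?P<mapped>\S+) (?P<real>\S+) netmask 255\.255\.255\.255$"
)

def static_to_object_nat(line: str, names: Dict[str, str]) -> List[str]:
    """Rewrite one 8.2 'static' line as 8.3+ object NAT. `names` maps the
    pre-8.3 'name' labels to addresses: the network object must carry the
    real IP, which is why leftover names trip up the automatic migration."""
    m = STATIC_RE.match(line.strip())
    if not m:
        raise ValueError(f"not a host static NAT line: {line!r}")
    return [
        f"object network {m['real']}",
        f" host {names[m['real']]}",
        f" nat ({m['real_if']},{m['mapped_if']}) static {names[m['mapped']]}",
    ]

def ace_to_real(ace: str, mapped_to_real: Dict[str, str]) -> str:
    """8.3+ ACLs match the real (untranslated) address, so 'host <mapped>'
    must become 'object <real>' or the ACE never hits after the upgrade."""
    for mapped, real in mapped_to_real.items():
        ace = ace.replace(f"host {mapped}", f"object {real}")
    return ace

def acl_diff(pre: List[str], post: List[str]) -> Tuple[List[str], List[str]]:
    """(dropped, added): ACEs present only before / only after migration,
    kept in config order so the report reads against the running config."""
    pre_n = [l.strip() for l in pre]
    post_n = [l.strip() for l in post]
    return [l for l in pre_n if l not in post_n], [l for l in post_n if l not in pre_n]

# Constructed sample: lines from the thread plus hypothetical name->IP values.
NAMES = {"eSVR_IMSVA": "192.0.2.10", "Public_eSVR_IMSS": "198.51.100.10"}
PRE_ACL = [
    "access-list OUTSIDE_access_in extended permit ip any any",
    "access-list OUTSIDE_access_in extended deny ip object-group Block_IP any",
    "access-list OUTSIDE_access_in extended permit tcp any host Public_eSVR_IMSS eq smtp",
]
POST_ACL = [
    "access-list OUTSIDE_access_in extended permit ip any any",
    "access-list OUTSIDE_access_in extended deny ip object-group Block_IP any",
    "access-list OUTSIDE_access_in extended deny ip any any",
]
```

Run acl_diff over the full pre- and post-upgrade ACLs to get the list of ACEs to re-add by hand, and feed each dropped "static" through static_to_object_nat after restoring the name-to-IP map from the 8.2 "name" lines.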

Varun,

I have tried again, but I encountered the same problem. The NAT configuration doesn't convert, some ACLs don't convert, and some new ACLs were created during conversion.

Any idea why I encounter the same problem? By the way, I did "no names" in my configuration before reloading with the new IOS.

Best Regards,

Rizal Ferdiyan

Do you need to upgrade to 8.3 first before going to 8.4?

Hello Zhigiang,

You can go from 8.2 to 8.4 without going to 8.3!

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC