cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
629
Views
5
Helpful
1
Replies

Upgrade from ASA5510 to ASA5516

kevinshkong11
Level 1
Level 1

Hi ALL,

We would like upgrade from ASA5510 (7.0(7)) to ASA5516 (9.8(2). We have to convert to all config or just ACL and NAT part, right? Kindly advise on config conversion. 

 

ASA Version 7.0(7)
!
hostname ASA5510
domain-name xxxxx.com

names
dns-guard
!
interface Ethernet0/0
nameif WAN
security-level 0
ip address 211.25.189.130 255.255.255.240
!
interface Ethernet0/1
nameif LAN
security-level 100
ip address 10.103.2.2 255.255.255.0
!
interface Ethernet0/2
nameif AXIS
security-level 10
ip address 121.122.131.162 255.255.255.248
!
interface Management0/0
nameif management
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
!
passwd hwMAGzB1ePDJdOeT encrypted
ftp mode passive
clock timezone MYT 8
object-group network VPN_Client_Range
network-object 10.103.4.10 255.255.255.255
network-object 10.103.4.11 255.255.255.255
network-object 10.103.4.12 255.255.255.255
network-object 10.103.4.13 255.255.255.255
network-object 10.103.4.14 255.255.255.255
network-object 10.103.4.15 255.255.255.255
network-object 10.103.4.16 255.255.255.255
network-object 10.103.4.17 255.255.255.255
network-object 10.103.4.18 255.255.255.255
network-object 10.103.4.19 255.255.255.255
network-object 10.103.4.20 255.255.255.255
object-group network VPN_Admin_Range
network-object 10.103.4.21 255.255.255.255
network-object 10.103.4.22 255.255.255.255
network-object 10.103.4.23 255.255.255.255
network-object 10.103.4.24 255.255.255.255
network-object 10.103.4.25 255.255.255.255
network-object 10.103.4.26 255.255.255.255
network-object 10.103.4.27 255.255.255.255
network-object 10.103.4.28 255.255.255.255
network-object 10.103.4.29 255.255.255.255
network-object 10.103.4.30 255.255.255.255
object-group network To_India
network-object 10.103.1.0 255.255.255.0
network-object 10.103.2.0 255.255.255.0
network-object 10.103.3.0 255.255.255.0
object-group network India
network-object 10.106.15.0 255.255.255.0
network-object 10.106.18.0 255.255.255.0
network-object 10.106.20.0 255.255.255.0
network-object 10.106.160.0 255.255.255.0
object-group service Lotus_Allowed_Services tcp
port-object eq telnet
port-object range lotusnotes lotusnotes
port-object eq www
port-object range 1533 1533
port-object eq https
object-group service tcp445 tcp
port-object eq 445
access-list LAN_nat0_outbound extended permit ip 10.103.1.0 255.255.255.0 10.106.15.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.1.0 255.255.255.0 10.106.18.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.1.0 255.255.255.0 10.106.20.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.1.0 255.255.255.0 10.106.160.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.2.0 255.255.255.0 10.106.15.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.2.0 255.255.255.0 10.106.18.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.2.0 255.255.255.0 10.106.20.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.2.0 255.255.255.0 10.106.160.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.3.0 255.255.255.0 10.106.15.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.3.0 255.255.255.0 10.106.18.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.3.0 255.255.255.0 10.106.20.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.3.0 255.255.255.0 10.106.160.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.1.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list LAN_nat0_outbound extended permit ip 10.103.1.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.2.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list LAN_nat0_outbound extended permit ip 10.103.2.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.3.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list LAN_nat0_outbound extended permit ip 10.103.3.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.1.0 255.255.255.0 10.103.10.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.1.0 255.255.255.0 host 10.100.160.32
access-list LAN_nat0_outbound extended permit ip 10.103.1.0 255.255.255.0 host 10.100.160.132
access-list LAN_nat0_outbound extended permit ip 10.103.1.0 255.255.255.0 172.28.28.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.1.0 255.255.255.0 10.100.211.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.1.0 255.255.255.0 10.100.212.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.1.0 255.255.255.0 10.100.213.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.1.0 255.255.255.0 10.100.214.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.1.0 255.255.255.0 10.100.215.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.1.0 255.255.255.0 10.100.216.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.1.0 255.255.255.0 10.100.217.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.1.0 255.255.255.0 10.100.225.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.1.0 255.255.255.0 10.100.156.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.1.0 255.255.255.0 10.100.157.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.1.0 255.255.255.0 10.100.158.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.1.0 255.255.255.0 10.100.159.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.1.0 255.255.255.0 host 10.100.148.17
access-list LAN_nat0_outbound extended permit ip 10.103.2.0 255.255.255.0 host 10.100.148.17
access-list LAN_nat0_outbound extended permit ip 10.103.3.0 255.255.255.0 host 10.100.148.17
access-list LAN_nat0_outbound extended permit ip 10.103.1.0 255.255.255.0 10.60.51.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.1.0 255.255.255.0 10.60.53.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.2.0 255.255.255.0 10.60.53.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.2.0 255.255.255.0 10.60.51.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.3.0 255.255.255.0 10.60.53.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.3.0 255.255.255.0 10.60.51.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.1.0 255.255.255.0 10.100.197.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.1.0 255.255.255.0 10.100.196.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.1.0 255.255.255.0 10.100.160.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.1.0 255.255.255.0 host 10.100.195.213
access-list LAN_nat0_outbound extended permit ip 10.103.1.0 255.255.255.0 host 10.100.198.239
access-list LAN_nat0_outbound extended permit ip 10.103.1.0 255.255.255.0 host 10.100.198.240
access-list LAN_nat0_outbound extended permit ip 10.103.1.0 255.255.255.0 10.100.198.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.2.0 255.255.255.0 10.100.198.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.3.0 255.255.255.0 10.100.198.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.2.0 255.255.255.0 10.100.196.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.3.0 255.255.255.0 10.100.196.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.5.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list LAN_nat0_outbound extended permit ip 10.103.5.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.5.0 255.255.255.0 host 10.100.160.32
access-list LAN_nat0_outbound extended permit ip 10.103.5.0 255.255.255.0 host 10.100.160.132
access-list LAN_nat0_outbound extended permit ip 10.103.5.0 255.255.255.0 172.28.28.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.5.0 255.255.255.0 10.100.211.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.5.0 255.255.255.0 10.100.212.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.5.0 255.255.255.0 10.100.213.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.5.0 255.255.255.0 10.100.214.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.5.0 255.255.255.0 10.100.215.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.5.0 255.255.255.0 10.100.216.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.5.0 255.255.255.0 10.100.217.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.5.0 255.255.255.0 10.100.225.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.5.0 255.255.255.0 10.100.156.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.5.0 255.255.255.0 10.100.157.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.5.0 255.255.255.0 10.100.158.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.5.0 255.255.255.0 10.100.159.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.5.0 255.255.255.0 host 10.100.148.17
access-list LAN_nat0_outbound extended permit ip 10.103.5.0 255.255.255.0 10.60.51.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.5.0 255.255.255.0 10.60.53.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.5.0 255.255.255.0 10.100.197.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.5.0 255.255.255.0 10.100.196.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.5.0 255.255.255.0 10.100.160.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.5.0 255.255.255.0 host 10.100.195.213
access-list LAN_nat0_outbound extended permit ip 10.103.5.0 255.255.255.0 host 10.100.198.239
access-list LAN_nat0_outbound extended permit ip 10.103.5.0 255.255.255.0 host 10.100.198.240
access-list LAN_nat0_outbound extended permit ip 10.103.5.0 255.255.255.0 10.100.198.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.1.0 255.255.255.0 10.61.0.0 255.255.0.0
access-list LAN_nat0_outbound extended permit ip 10.103.2.0 255.255.255.0 10.61.0.0 255.255.0.0
access-list LAN_nat0_outbound extended permit ip 10.103.3.0 255.255.255.0 10.61.0.0 255.255.0.0
access-list LAN_nat0_outbound extended permit ip 10.103.5.0 255.255.255.0 10.61.0.0 255.255.0.0
access-list LAN_nat0_outbound extended permit ip 10.103.5.0 255.255.255.0 10.103.10.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.1.0 255.255.255.0 10.112.0.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.1.0 255.255.255.0 10.122.1.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.1.0 255.255.255.0 10.112.2.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.1.0 255.255.255.0 10.112.3.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.5.0 255.255.255.0 10.112.0.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.5.0 255.255.255.0 10.122.1.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.5.0 255.255.255.0 10.112.2.0 255.255.255.0
access-list LAN_nat0_outbound extended permit ip 10.103.5.0 255.255.255.0 10.112.3.0 255.255.255.0
access-list LAN_access_in extended permit ip any any
access-list Server standard permit host 10.103.1.20
access-list Server standard deny any
access-list WAN_cryptomap_60_1 extended permit ip 10.103.1.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.1.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.2.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.2.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.3.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.3.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.1.0 255.255.255.0 host 10.100.160.32
access-list WAN_cryptomap_60_1 extended permit ip 10.103.1.0 255.255.255.0 host 10.100.160.132
access-list WAN_cryptomap_60_1 extended permit ip 10.103.1.0 255.255.255.0 10.100.211.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.1.0 255.255.255.0 10.100.212.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.1.0 255.255.255.0 10.100.213.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.1.0 255.255.255.0 10.100.214.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.1.0 255.255.255.0 10.100.215.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.1.0 255.255.255.0 10.100.216.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.1.0 255.255.255.0 10.100.217.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.1.0 255.255.255.0 10.100.225.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.1.0 255.255.255.0 10.100.156.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.1.0 255.255.255.0 10.100.157.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.1.0 255.255.255.0 10.100.158.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.1.0 255.255.255.0 10.100.159.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.1.0 255.255.255.0 host 10.100.148.17
access-list WAN_cryptomap_60_1 extended permit ip 10.103.2.0 255.255.255.0 host 10.100.148.17
access-list WAN_cryptomap_60_1 extended permit ip 10.103.3.0 255.255.255.0 host 10.100.148.17
access-list WAN_cryptomap_60_1 extended permit ip 10.103.1.0 255.255.255.0 10.60.51.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.1.0 255.255.255.0 10.60.53.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.2.0 255.255.255.0 10.60.53.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.2.0 255.255.255.0 10.60.51.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.3.0 255.255.255.0 10.60.53.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.3.0 255.255.255.0 10.60.51.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.1.0 255.255.255.0 10.100.197.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.1.0 255.255.255.0 10.100.196.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.1.0 255.255.255.0 10.100.160.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.1.0 255.255.255.0 host 10.100.195.213
access-list WAN_cryptomap_60_1 extended permit ip 10.103.1.0 255.255.255.0 host 10.100.198.239
access-list WAN_cryptomap_60_1 extended permit ip 10.103.1.0 255.255.255.0 host 10.100.198.240
access-list WAN_cryptomap_60_1 extended permit ip 10.103.1.0 255.255.255.0 10.100.198.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.2.0 255.255.255.0 10.100.198.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.3.0 255.255.255.0 10.100.198.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.2.0 255.255.255.0 10.100.196.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.3.0 255.255.255.0 10.100.196.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.5.0 255.255.255.0 10.1.0.0 255.255.0.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.5.0 255.255.255.0 192.168.10.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.5.0 255.255.255.0 host 10.100.160.32
access-list WAN_cryptomap_60_1 extended permit ip 10.103.5.0 255.255.255.0 host 10.100.160.132
access-list WAN_cryptomap_60_1 extended permit ip 10.103.5.0 255.255.255.0 10.100.211.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.5.0 255.255.255.0 10.100.212.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.5.0 255.255.255.0 10.100.213.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.5.0 255.255.255.0 10.100.214.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.5.0 255.255.255.0 10.100.215.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.5.0 255.255.255.0 10.100.216.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.5.0 255.255.255.0 10.100.217.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.5.0 255.255.255.0 10.100.225.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.5.0 255.255.255.0 10.100.156.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.5.0 255.255.255.0 10.100.157.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.5.0 255.255.255.0 10.100.158.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.5.0 255.255.255.0 10.100.159.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.5.0 255.255.255.0 host 10.100.148.17
access-list WAN_cryptomap_60_1 extended permit ip 10.103.5.0 255.255.255.0 10.60.51.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.5.0 255.255.255.0 10.60.53.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.5.0 255.255.255.0 10.100.197.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.5.0 255.255.255.0 10.100.196.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.5.0 255.255.255.0 10.100.160.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.5.0 255.255.255.0 host 10.100.195.213
access-list WAN_cryptomap_60_1 extended permit ip 10.103.5.0 255.255.255.0 host 10.100.198.239
access-list WAN_cryptomap_60_1 extended permit ip 10.103.5.0 255.255.255.0 host 10.100.198.240
access-list WAN_cryptomap_60_1 extended permit ip 10.103.5.0 255.255.255.0 10.100.198.0 255.255.255.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.1.0 255.255.255.0 10.61.0.0 255.255.0.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.2.0 255.255.255.0 10.61.0.0 255.255.0.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.3.0 255.255.255.0 10.61.0.0 255.255.0.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.5.0 255.255.255.0 10.61.0.0 255.255.0.0
access-list WAN_cryptomap_60_1 extended permit ip 10.103.5.0 255.255.255.0 host 10.100.196.213
access-list WAN_cryptomap_60_1 extended permit ip 10.103.5.0 255.255.255.0 host 10.100.197.213
access-list WAN_cryptomap_40 extended permit ip 10.103.1.0 255.255.255.0 10.106.15.0 255.255.255.0
access-list WAN_cryptomap_40 extended permit ip 10.103.1.0 255.255.255.0 10.106.18.0 255.255.255.0
access-list WAN_cryptomap_40 extended permit ip 10.103.1.0 255.255.255.0 10.106.20.0 255.255.255.0
access-list WAN_cryptomap_40 extended permit ip 10.103.1.0 255.255.255.0 10.106.160.0 255.255.255.0
access-list WAN_cryptomap_40 extended permit ip 10.103.2.0 255.255.255.0 10.106.15.0 255.255.255.0
access-list WAN_cryptomap_40 extended permit ip 10.103.2.0 255.255.255.0 10.106.18.0 255.255.255.0
access-list WAN_cryptomap_40 extended permit ip 10.103.2.0 255.255.255.0 10.106.20.0 255.255.255.0
access-list WAN_cryptomap_40 extended permit ip 10.103.2.0 255.255.255.0 10.106.160.0 255.255.255.0
access-list WAN_cryptomap_40 extended permit ip 10.103.3.0 255.255.255.0 10.106.15.0 255.255.255.0
access-list WAN_cryptomap_40 extended permit ip 10.103.3.0 255.255.255.0 10.106.18.0 255.255.255.0
access-list WAN_cryptomap_40 extended permit ip 10.103.3.0 255.255.255.0 10.106.20.0 255.255.255.0
access-list WAN_cryptomap_40 extended permit ip 10.103.3.0 255.255.255.0 10.106.160.0 255.255.255.0
access-list WAN_cryptomap_40 extended permit ip 10.103.5.0 255.255.255.0 10.106.15.0 255.255.255.0
access-list WAN_cryptomap_40 extended permit ip 10.103.5.0 255.255.255.0 10.106.18.0 255.255.255.0
access-list WAN_cryptomap_40 extended permit ip 10.103.5.0 255.255.255.0 10.106.20.0 255.255.255.0
access-list WAN_cryptomap_40 extended permit ip 10.103.5.0 255.255.255.0 10.106.160.0 255.255.255.0
access-list outlist extended deny tcp any any eq 445
access-list outlist extended permit icmp any any
access-list outlist extended permit tcp any host 210.187.38.165 eq 3389
access-list outlist extended permit tcp any host 210.187.38.166 eq telnet
access-list outlist extended permit tcp any host 211.25.188.132 object-group Lotus_Allowed_Services
access-list outlist extended permit ip any host 211.25.188.133
access-list XXXXX_ABCD_VPN extended permit ip 10.103.1.0 255.255.255.0 10.103.10.0 255.255.255.0
access-list XXXXX_ABCD_VPN extended permit ip 10.103.5.0 255.255.255.0 10.103.10.0 255.255.255.0
access-list AXIS_access_in extended permit icmp any any
access-list split_tunneling extended permit ip 10.103.1.0 255.255.255.0 172.28.28.0 255.255.255.0
access-list WAN_nat0_inbound extended permit ip 10.103.1.0 255.255.255.0 10.112.0.0 255.255.255.0
access-list WAN_nat0_inbound extended permit ip 10.103.1.0 255.255.255.0 10.122.1.0 255.255.255.0
access-list WAN_nat0_inbound extended permit ip 10.103.1.0 255.255.255.0 10.112.2.0 255.255.255.0
access-list WAN_nat0_inbound extended permit ip 10.103.1.0 255.255.255.0 10.112.3.0 255.255.255.0
access-list WAN_nat0_inbound extended permit ip 10.103.5.0 255.255.255.0 10.112.0.0 255.255.255.0
access-list WAN_nat0_inbound extended permit ip 10.103.5.0 255.255.255.0 10.122.1.0 255.255.255.0
access-list WAN_nat0_inbound extended permit ip 10.103.5.0 255.255.255.0 10.112.2.0 255.255.255.0
access-list WAN_nat0_inbound extended permit ip 10.103.5.0 255.255.255.0 10.112.3.0 255.255.255.0
access-list WAN_cryptomap_100 extended permit ip 10.103.1.0 255.255.255.0 10.112.0.0 255.255.0.0
access-list WAN_cryptomap_100 extended permit ip 10.103.5.0 255.255.255.0 10.112.0.0 255.255.0.0
access-list test extended permit ip host 10.112.1.9 host 10.103.1.9
access-list test extended permit ip host 10.103.1.9 host 10.112.1.9
pager lines 24
logging enable
logging asdm informational
mtu WAN 1500
mtu LAN 1500
mtu AXIS 1500
mtu management 1500
ip local pool vpnpool 172.28.28.1-172.28.28.20
asdm image disk0:/asdm-507.bin
no asdm history enable
arp timeout 14400
nat-control
global (WAN) 1 interface
global (WAN) 2 210.187.39.165
nat (WAN) 0 access-list WAN_nat0_inbound outside
nat (LAN) 0 access-list LAN_nat0_outbound
nat (LAN) 1 0.0.0.0 0.0.0.0
static (LAN,WAN) 210.187.39.165 10.103.1.9 netmask 255.255.255.255
static (LAN,WAN) 210.187.39.166 10.103.1.2 netmask 255.255.255.255
static (LAN,WAN) 211.25.189.132 10.103.1.20 netmask 255.255.255.255
static (LAN,WAN) 211.25.189.133 10.103.1.71 netmask 255.255.255.255
access-group outlist in interface WAN
access-group LAN_access_in in interface LAN
access-group AXIS_access_in in interface AXIS
route WAN 0.0.0.0 0.0.0.0 211.25.189.129 1
route LAN 10.103.1.0 255.255.255.0 10.103.2.3 1
route LAN 10.103.3.0 255.255.255.0 10.103.2.3 1
route LAN 10.103.5.0 255.255.255.0 10.103.2.3 1
route LAN 192.168.22.0 255.255.255.0 10.103.2.3 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00
timeout mgcp-pat 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout uauth 0:05:00 absolute
group-policy iffcosea internal
group-policy iffcosea attributes
dns-server value 10.103.1.9
vpn-idle-timeout 60
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split_tunneling
webvpn
aaa authentication ssh console LOCAL
aaa authorization command LOCAL
http server enable
http 0.0.0.0 0.0.0.0 WAN
http 0.0.0.0 0.0.0.0 LAN
http 0.0.0.0 0.0.0.0 AXIS
http 192.168.1.0 255.255.255.0 management
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
crypto ipsec transform-set ESP-3DES-MD5 esp-3des esp-md5-hmac
crypto ipsec transform-set ESP-AES-256-SHA esp-aes-256 esp-sha-hmac
crypto dynamic-map map2 10 set transform-set ESP-AES-256-SHA
crypto map WAN_map 40 match address WAN_cryptomap_40
crypto map WAN_map 40 set peer 59.163.36.133
crypto map WAN_map 40 set transform-set ESP-AES-256-SHA
crypto map WAN_map 60 match address WAN_cryptomap_60_1
crypto map WAN_map 60 set peer 213.42.237.44
crypto map WAN_map 60 set transform-set ESP-AES-256-SHA
crypto map WAN_map 80 match address XXXXX_ABCD_VPN
crypto map WAN_map 80 set peer 211.25.58.162
crypto map WAN_map 80 set transform-set ESP-AES-256-SHA
crypto map WAN_map 100 match address WAN_cryptomap_100
crypto map WAN_map 100 set peer 203.126.256.244
crypto map WAN_map 100 set transform-set ESP-AES-256-SHA
crypto map WAN_map 65535 ipsec-isakmp dynamic map2
crypto map WAN_map interface WAN
isakmp identity address
isakmp enable WAN
isakmp enable LAN
isakmp enable AXIS
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
isakmp policy 30 authentication pre-share
isakmp policy 30 encryption aes-256
isakmp policy 30 hash sha
isakmp policy 30 group 5
isakmp policy 30 lifetime 86400
isakmp nat-traversal 20
tunnel-group abcd type ipsec-ra
tunnel-group abcd general-attributes
address-pool vpnpool
default-group-policy iffcosea
tunnel-group abcd ipsec-attributes
pre-shared-key *
tunnel-group 59.163.36.133 type ipsec-l2l
tunnel-group 59.163.36.133 ipsec-attributes
pre-shared-key *
tunnel-group To_india type ipsec-l2l
tunnel-group To_india ipsec-attributes
pre-shared-key *
tunnel-group 213.42.237.44 type ipsec-l2l
tunnel-group 213.42.237.44 ipsec-attributes
pre-shared-key *
tunnel-group 1.9.131.35 type ipsec-l2l
tunnel-group 1.9.131.35 ipsec-attributes
pre-shared-key *
tunnel-group 211.25.58.162 type ipsec-l2l
tunnel-group 211.25.58.162 ipsec-attributes
pre-shared-key *
tunnel-group 203.127.255.244 type ipsec-l2l
tunnel-group 203.127.255.244 ipsec-attributes
pre-shared-key *
no tunnel-group-map enable peer-ip
no vpn-addr-assign aaa
no vpn-addr-assign dhcp
telnet 0.0.0.0 0.0.0.0 WAN
telnet 0.0.0.0 0.0.0.0 LAN
telnet 0.0.0.0 0.0.0.0 AXIS
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 WAN
ssh 0.0.0.0 0.0.0.0 LAN
ssh 0.0.0.0 0.0.0.0 AXIS
ssh timeout 5
console timeout 0
dhcpd address 192.168.1.2-192.168.1.254 management
dhcpd lease 3600
dhcpd ping_timeout 50
dhcpd enable management
!
class-map inspection_default
match default-inspection-traffic
!
!
policy-map global_policy
class inspection_default
inspect dns maximum-length 512
inspect ftp
inspect h323 h225
inspect h323 ras
inspect rsh
inspect rtsp
inspect esmtp
inspect sqlnet
inspect skinny
inspect sunrpc
inspect xdmcp
inspect sip
inspect netbios
inspect tftp
inspect icmp
!
service-policy global_policy global
Cryptochecksum:2725e4680ce05f8140e76d972954ccd6
: end

 

Thank you.

 

Regards

Kevin

1 Reply 1

Troy Jackson
Level 1
Level 1

You have a few options. You could upgrade the 5510 to an image above 8.4 and the config will be auto-corrected (I don't really like this way. But it does work... ) or You can manually do it. If you do it manually run the command "more system:running-config" to get the tunnel keys and few other parts of the config in clear-text. Then you will need to work on the ACLs and NAT statements. I would just break the config into sections and change the NAT to post 8.3 and any ACLs related to NAT will change from the external or mapped address to the real address. Also, you should leave "nat-control" out of the config as it is not needed. If you need an example of the config you can find it in the configuration guides.   

Please remember to rate useful posts, by clicking on the star below.
-Troy J.
Review Cisco Networking for a $25 gift card