03-19-2013 09:29 PM
can ASA ver8 perform site-to-site with ASA ver7?
any changes that i should know connecting this 2 asa?
03-19-2013 11:46 PM
That won't be a problem. You can build site-to-site VPNs between different ASA-versions and typically even between different vendors.
For your VPN between v7 and v8 the syntax has changed a little bit and some defaults changed. For example on the older code the clear-text-traffic had to be allowed in the interface ACL what changed in newer releases.
I would suggest to build your VPN and ask again if there are some problems with that.
Sent from Cisco Technical Support iPad App
03-20-2013 12:34 AM
thats what i had in mind, but i couldnt find anything about that on cisco website..
03-20-2013 12:53 AM
there are lots of examples for the different version on the cisco-site:
http://www.cisco.com/en/US/products/ps6120/prod_configuration_examples_list.html
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
03-22-2013 12:02 AM
hi karsten.iwen,
how do i change this static route command to version 8 static route?
is it thru this command?
object network obj_any
nat (inside,outside) dynamic interface
from ver 7
global (outside) 10 interface
global (outside) 20 10.10.10.75
global (dmz) 10 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 10 0.0.0.0 0.0.0.0
nat (dmz) 0 access-list dmz_outbound_nat0_acl
nat (dmz) 20 192.168.1.0 255.255.255.0
static (dmz,outside) tcp 10.10.10.75 www 192.168.1.1 www netmask 255.255.255.255
static (dmz,outside) tcp 10.10.10.75 https 192.168.1.1 https netmask 255.255.255.255
03-22-2013 01:26 AM
object network obj_any
nat (inside,outside) dynamic interface
thats dynamic NAT, what was the nat/global command in the older release.
static (dmz,outside) tcp 10.10.10.75 www 192.168.1.1 www netmask 255.255.255.255
static (dmz,outside) tcp 10.10.10.75 https 192.168.1.1 https netmask 255.255.255.255
these two statics are configured the following way in ASA 8.3+:
object network Server-192.168.1.1-www
host 192.168.1.1
nat (dmz,outside) static 10.10.10.75 service tcp www www
!
object network Server-192.168.1.1-https
host 192.168.1.1
nat (dmz,outside) static 10.10.10.75 service tcp https https
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
03-22-2013 01:37 AM
thanks for ur reply,
i also cant convert this command in ver8
global (outside) 10 interface
global (outside) 20 10.10.10.75
global (dmz) 10 interface
nat (inside) 0 access-list inside_outbound_nat0_acl
nat (inside) 10 0.0.0.0 0.0.0.0
nat (dmz) 0 access-list dmz_outbound_nat0_acl
nat (dmz) 20 192.168.1.0 255.255.255.0
03-22-2013 01:42 AM
is there any different with this? on static route?
nat (dmz,outside) source static 192.168.1.1 192.168.1.1 destination static 10.10.10.75 10.10.10.75 service www www
vs
object network Server-192.168.1.1-www
host 192.168.1.1
nat (dmz,outside) static 10.10.10.75 service tcp www www
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide