We're planning the upgrade from 8.2 to 8.4, which I understand has NAT and ACL changes. I've read the migration guide at http://www.cisco.com/en/US/docs/security/asa/asa83/upgrading/migrating.pdf
My understanding is that the upgrade procedure will convert the NATs, and place real IPs in the ACLs instead of the translated IPs.
But in looking through my 8.2 configs it appears the real IPs are already being used in my access lists. For example x.x.x.x is my public IP, and y.y.y.y is my internal IP. This is my current config:
static (inside,outside) x.x.x.x y.y.y.y netmask 255.255.255.255
access-list acl_out extended permit tcp any host x.x.x.x eq ssh
So it seems that the 8.4 upgrade won't need to change anything. Is that correct?
Yes you are absolutely right the nats would also change but I was only referring to access-lists, since Bill only wanted to know about ACL's, the nats are the major changes in post 8.3
Yes you ca go ahead with teh convertion, just a couple of things to keep in ming:
Disable nat-control (no nat-control)
Disable names (no names)
You can follow this doc as well:
Let me know if you face any issues.