Migrate ASA 5510 8.3(2) to ASA 5515 9.1 NAT AND ACL CONFIGURATIONS

Answered Question
Feb 24th, 2017

Hello, I want to migrate an ASA 5510 8.3(2) to an ASA 5515 9.1. I want to know if there are some changes in NAT syntax; for example, I have a static NAT defined in the old ASA like this:

nat (inside,outside) source static object network object network destination static object network object network

I want to know before I start the migration if there are some changes in the syntax.

Also, I have an ACL defined in the old ASA this way:

access-list name extended permit ip host x.x.x.x host x.x.x.x


Thanks for your advice beforehand


Correct Answer by Marvin Rhoads about 2 months 4 weeks ago

Yes the NAT syntax has all changed. There are dozens of articles on this. I recommend in particular Jouni Forss' writeup here:

https://supportforums.cisco.com/document/132066/asa-nat-83-nat-operation...

There is also a very good article at tunnelsup.com:

https://www.tunnelsup.com/nat-for-cisco-asas-version-8-3/

Also see the conversion tool that is available there.

Access-lists now use the real IP in the syntax for hosts that have static NAT entries. 8.2 and earlier used the public IP address.


Overall Rating: 5 (1 ratings)
Marvin Rhoads Sat, 02/25/2017 - 06:37
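
An added example, not part of the original thread or of any Cisco tooling: a small Python audit for the ACL point in the answer above. It parses object-NAT `static` entries from an 8.3+/9.x configuration and flags access-list lines that still name the mapped (public) address instead of the real one. The sample configuration, object names and addresses are constructed, and only object NAT with a literal mapped IP is handled.

```python
import re

# Constructed sample of an 8.3+/9.x config (documentation addresses, hypothetical names).
# As in "show run", object definitions and their NAT lines sit in separate stanzas.
SAMPLE_CONFIG = """\
object network WEB-SRV
 host 10.1.1.10
object network MAIL-SRV
 host 10.1.1.25
access-list OUTSIDE_IN extended permit tcp any host 203.0.113.10 eq 443
access-list OUTSIDE_IN extended permit tcp any host 10.1.1.25 eq 25
object network WEB-SRV
 nat (inside,outside) static 203.0.113.10
object network MAIL-SRV
 nat (inside,outside) static 203.0.113.25
access-group OUTSIDE_IN in interface outside
"""

IPV4 = r"(\d+(?:\.\d+){3})"

def static_nat_map(config):
    """Return {mapped_ip: real_ip} for host objects that carry a static object NAT."""
    hosts, mapped, name = {}, {}, None
    for line in config.splitlines():
        if m := re.match(r"object network (\S+)", line):
            name = m.group(1)                       # entering an object stanza
        elif not line.startswith(" "):
            name = None                             # any other top-level line ends it
        elif name and (m := re.match(r"\s+host " + IPV4, line)):
            hosts[name] = m.group(1)
        elif name and (m := re.match(r"\s+nat \(\S+\) static " + IPV4, line)):
            mapped[name] = m.group(1)
    return {mapped[n]: hosts[n] for n in mapped if n in hosts}

def audit_acls(config):
    """Return (acl_line, mapped_ip, real_ip) for ACEs that still use a mapped address."""
    nat = static_nat_map(config)
    findings = []
    for line in config.splitlines():
        if line.startswith("access-list "):
            for ip in re.findall(r"\bhost " + IPV4, line):
                if ip in nat:
                    findings.append((line, ip, nat[ip]))
    return findings

if __name__ == "__main__":
    for line, mapped_ip, real_ip in audit_acls(SAMPLE_CONFIG):
        print(f"{line}\n  uses mapped {mapped_ip}; 8.3+ ACLs match the real IP {real_ip}")
```

A flagged entry is an ACE carried over in the pre-8.3 style: on 8.3 and later it no longer matches traffic to the translated host, so the intended permit is silently lost.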