Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
916
Views
0
Helpful
2
Replies

command replacement on ASA IOS 8.3

danilodicesare
Level 1
Level 1

‎09-03-2010 10:48 PM - edited ‎03-11-2019 11:34 AM

Hi all,

how can i replace in 8.3 a NAT identity like:

nat (outside) 0 0.0.0.0 0.0.0.0 0 0

nat (inside) 0 0.0.0.0 0.0.0.0 0 0

and also

established tcp 0 4000 permitto tcp 4000 permitfrom tcp 1024-65535

tnx a lot for any answer

Dan

Labels:
0 Helpful
2 Replies 2

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎09-04-2010 03:16 AM

Dan,

All the connection connection limitation have been moved to one place - MPF. No longer can you set additional setting on nat rules.


For established,

http://www.cisco.com/en/US/docs/security/asa/asa83/command/reference/ef.html#wp2010769

8.3 command reference still gives you that option - if the command is not there or doesn't work properly well let me know and we'll see.

For identity NAT, not sure what's the point of those would be...  nat-control has been deprecated.


But the recommendation goes:

Error Message    Identity-NAT was not migrated. If required, an appropriate bypass NAT rule needs to be 
added.

Explanation   Identity NAT not migrated. Identity NAT (the nat 0 command) is not migrated; also a nat-control command  on that interface is not migrated.

Recommended Action   Manually add a new Identity NAT rule using a static NAT command (either object or twice NAT).

Example:

Old Configuration

nat (inside) 0 192.168.1.0 255.255.255.0


http://www.cisco.com/en/US/docs/security/asa/asa83/upgrading/migrating.html

HTH,

Marcin

0 Helpful

Jennifer Halim
Cisco Employee
Cisco Employee

‎09-04-2010 03:17 AM

Are you trying to perform NAT exemption for traffic through the ASA based on the following 2 NAT statements:

nat (outside) 0 0.0.0.0 0.0.0.0 0 0

nat (inside) 0 0.0.0.0 0.0.0.0 0 0

If you are, there is no need to configure any NAT statements if there isn't any other NAT statements already configured.

For the "established" command, it is still the same command in version 8.3:

http://www.cisco.com/en/US/docs/security/asa/asa83/command/reference/ef.html#wp2010769

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card