Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

command replacement on ASA IOS 8.3

Hi all,

how can i replace in 8.3 a NAT identity like:

nat (outside) 0 0.0.0.0 0.0.0.0 0 0

nat (inside) 0 0.0.0.0 0.0.0.0 0 0

and also

established tcp 0 4000 permitto tcp 4000 permitfrom tcp 1024-65535

tnx a lot for any answer

Dan

2 REPLIES
Cisco Employee

Re: command replacement on ASA IOS 8.3

Dan,

All the connection connection limitation have been moved to one place - MPF. No longer can you set additional setting on nat rules.


For established,

http://www.cisco.com/en/US/docs/security/asa/asa83/command/reference/ef.html#wp2010769

8.3 command reference still gives you that option - if the command is not there or doesn't work properly well let me know and we'll see.

For identity NAT, not sure what's the point of those would be...  nat-control has been deprecated.


But the recommendation goes:

Error Message    Identity-NAT was not migrated. If required, an appropriate bypass NAT rule needs to be 
added.

Explanation   Identity NAT not migrated. Identity NAT (the nat 0 command) is not migrated; also a nat-control command  on that interface is not migrated.

Recommended Action   Manually add a new Identity NAT rule using a static NAT command (either object or twice NAT).

Example:

Old Configuration

nat (inside) 0 192.168.1.0 255.255.255.0


http://www.cisco.com/en/US/docs/security/asa/asa83/upgrading/migrating.html

HTH,

Marcin

Cisco Employee

Re: command replacement on ASA IOS 8.3

Are you trying to perform NAT exemption for traffic through the ASA based on the following 2 NAT statements:

nat (outside) 0 0.0.0.0 0.0.0.0 0 0

nat (inside) 0 0.0.0.0 0.0.0.0 0 0

If you are, there is no need to configure any NAT statements if there isn't any other NAT statements already configured.

For the "established" command, it is still the same command in version 8.3:

http://www.cisco.com/en/US/docs/security/asa/asa83/command/reference/ef.html#wp2010769

643
Views
0
Helpful
2
Replies
CreatePlease to create content