Convert PIX 7.2 version commands to ASA 9.1 version.

jitesh.mahajan
Level 1

Dear Support,

I want to convert Cisco PIX 7.2 commands to ASA 9.1.

Below access-list command in PIX:

access-list outside_access_in extended permit tcp host 122.162.13.70 host 22.22.206.90 eq https

Can this command remain the same, or is it different in ASA 9.1?

Please help on this.

Regards,

Jitesh Mahajan.

9 Replies

nkarthikeyan
Level 7

Hi Jitesh,

 

Yes. The above mentioned access-list command can be used as it is in 7.2. There are notable changes in NAT statement and VPN configuration parameters in 8.3 or 8.3+ versions of ASA OS.

To confirm, I have pasted the same ACL lines into version 8.4 and it takes them as is:

ciscoasa(config)# sh runn | in access-list
access-list outside_access_in extended permit tcp host 122.162.13.70 host 22.22.206.90 eq https
threat-detection statistics access-list
ciscoasa(config)#

 

HTH

 

Regards

Karthik

Just to add...keep in mind that in 8.3+ if you are allowing access into the ASA from the internet, then you would specify the real IP and not the NATed IP for the destination in the access-list.

--

Please remember to select a correct answer and rate helpful posts


Yeah... That is needed here..... I agree with Marius....

 

Regards

Karthik

 

 

FYI, after 8.3 or later:

1) If you have done some NATing, the ACL should have the real IPs (pre-NAT IP, i.e. the real IP).

Dear All,

Thank you for your support.

Can someone please provide me the 8.3 and above configuration template for access lists and NAT?

Regards,

Jitesh Mahajan.

 

Hi Jitesh,

Please find the attached document and Cisco link for the migration steps. It also has NAT explanations.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa83/upgrading/migrating.html

Regards

Karthik

Dear Nkarthikeyan and Marius,

Thanks for your support.

Is there any document that specifies how to migrate access lists in detail? That would be more helpful to me.

Regards,

Jitesh Mahajan.

Have a look at this document that describes migrating to a version 8.3 and later.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa83/upgrading/migrating.html#wp40036

--

Please remember to select a correct answer and rate helpful posts


So, let's say your server's IP is 10.10.10.10/24 and you want to allow access to it from the internet using the outside interface IP of the ASA and on port 80/HTTP.

object network SERVER
  host 10.10.10.10
  nat (inside,outside) static interface service tcp http http

access-list OUT-TO-IN extended permit tcp any host 10.10.10.10 eq 80

access-group OUT-TO-IN in interface outside

--

Please remember to select a correct answer and rate helpful posts
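
The rule repeated in this thread (on 8.3+ the ACL destination is the real IP, not the NATed one) applied to a pre-8.3 config, as an added example that is not from any poster or from Cisco: a Python helper that reads one-to-one `static` lines and rewrites matching ACL destinations. The function names are hypothetical, and the `static` mapping of 22.22.206.90 to 10.10.10.10 is constructed, since the thread does not show the original NAT configuration.

```python
import re

# Pre-8.3 one-to-one static: static (real_ifc,mapped_ifc) MAPPED_IP REAL_IP netmask 255.255.255.255
STATIC_RE = re.compile(
    r"^static \(\S+,\S+\) (\d+(?:\.\d+){3}) (\d+(?:\.\d+){3}) netmask 255\.255\.255\.255$")

# Constructed sample config. The static line is an assumption: the thread does
# not show whether 22.22.206.90 is a NATed address or what its real IP is.
SAMPLE = """\
static (inside,outside) 22.22.206.90 10.10.10.10 netmask 255.255.255.255
access-list outside_access_in extended permit tcp host 122.162.13.70 host 22.22.206.90 eq https
access-list outside_access_in extended permit tcp host 22.22.206.90 any eq www
access-list outside_access_in extended permit icmp any host 198.51.100.7
""".splitlines()

def mapped_to_real(lines):
    """Return {mapped_ip: real_ip} for every host-to-host static NAT line."""
    return {m.group(1): m.group(2)
            for m in (STATIC_RE.match(l.strip()) for l in lines) if m}

def _addr_len(tok, i):
    # 'any' is one token; 'host A', 'A MASK' and 'object-group G' are two.
    return 1 if tok[i] == "any" else 2

def _port_len(tok, i):
    # Optional source-port operator that may sit between source and destination.
    if i < len(tok) and tok[i] in ("eq", "lt", "gt", "neq"):
        return 2
    return 3 if i < len(tok) and tok[i] == "range" else 0

def migrate_ace(ace, table):
    """Rewrite only the destination 'host MAPPED' of an extended ACE to the real IP."""
    tok = ace.split()
    if len(tok) < 7 or tok[0] != "access-list" or tok[2] != "extended":
        return ace, False
    i = 5 + _addr_len(tok, 5)  # access-list NAME extended ACTION PROTO <src...>
    i += _port_len(tok, i)
    if i + 1 < len(tok) and tok[i] == "host" and tok[i + 1] in table:
        tok[i + 1] = table[tok[i + 1]]
        return " ".join(tok), True
    return ace, False

def migrate(lines):
    """Return the config's ACEs with mapped destinations replaced, plus the change count."""
    table = mapped_to_real(lines)
    results = [migrate_ace(l, table) for l in lines if l.startswith("access-list ")]
    return [ace for ace, _ in results], sum(changed for _, changed in results)
```

It handles only `host`-to-`host` statics; network statics, policy NAT and object-group destinations are left unchanged and need manual review.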
 
