Cisco Support Community

New Member

Convert Pix 7.2 version Commands in ASA 9.1 version.

Dear Support,

I want to convert Cisco PIX 7.2 commands to ASA 9.1.

Below access-list command in PIX:

access-list outside_access_in extended permit tcp host 122.162.13.70 host 22.22.206.90 eq https

Can this command remain the same, or is it different in ASA 9.1?

Please help on this.

Regards,

Jitesh Mahajan.

9 REPLIES


Hi Jitesh,

 

Yes. The above mentioned access-list command can be used as it is in 7.2. There are notable changes in NAT statement and VPN configuration parameters in 8.3 or 8.3+ versions of ASA OS.

To confirm, I have pasted the same ACL lines into version 8.4 and it takes them as is:

ciscoasa(config)# sh runn | in access-list
access-list outside_access_in extended permit tcp host 122.162.13.70 host 22.22.206.90 eq https
threat-detection statistics access-list
ciscoasa(config)#

 

HTH

 

Regards

Karthik

VIP Green


Just to add...keep in mind that in 8.3+ if you are allowing access into the ASA from the internet, then you would specify the real IP and not the NATed IP for the destination in the access-list.

--

Please remember to select a correct answer and rate helpful posts

-- Please remember to rate and select a correct answer


Yeah... That is needed here..... I agree with Marius....

 

Regards

Karthik


FYI, after 8.3+ or later:

1) If you have done some NATing, the ACL should have the real IPs (pre-NATed IP, i.e. real IP).

New Member


Dear All,

Thank you for your support.

Can someone please provide me the 8.3 and above configuration template for access lists and NAT?

Regards,

Jitesh Mahajan.

 


Hi Jitesh,

Please find the attached document and Cisco link for the migration steps... it also has NAT explanations.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa83/upgrading/migrating.html

Regards

Karthik

New Member


Dear Nkarthikeyan and Marius,

Thanks for your support.

Is there any document that specifies how to migrate access lists in detail? It would be more helpful to me.

Regards,

Jitesh Mahajan.

VIP Green


Have a look at this document that describes migrating to a version 8.3 and later.

http://www.cisco.com/c/en/us/td/docs/security/asa/asa83/upgrading/migrating.html#wp40036

--

Please remember to select a correct answer and rate helpful posts

-- Please remember to rate and select a correct answer
VIP Green


So, let's say your server's IP is 10.10.10.10/24 and you want to allow access to it from the internet using the outside interface IP of the ASA and on port 80/HTTP.

object network SERVER
  host 10.10.10.10
  nat (inside,outside) static interface service tcp http http

access-list OUT-TO-IN extended permit tcp any host 10.10.10.10 eq 80

access-group OUT-TO-IN in interface outside

--

Please remember to select a correct answer and rate helpful posts
 

-- Please remember to rate and select a correct answer
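
An added example, not part of any post in this thread: a Python script that applies the rule the replies describe (in 8.3+ the ACL destination is the real IP, not the NATed one) to a pre-8.3 configuration and emits the matching object NAT. The sample config is constructed, the `obj-<ip>` object names are a naming choice made here, and it assumes one-to-one host statics, ACL entries without source-port operators or object-groups, and an ACL applied inbound on the mapped interface.

```python
import re

# Constructed pre-8.3 sample (documentation address ranges), not from the thread.
OLD_CONFIG = """\
static (inside,outside) 203.0.113.10 10.10.10.10 netmask 255.255.255.255
static (dmz,outside) 203.0.113.20 192.168.50.20 netmask 255.255.255.255
access-list outside_access_in extended permit tcp any host 203.0.113.10 eq https
access-list outside_access_in extended permit tcp host 198.51.100.7 host 203.0.113.20 eq smtp
access-list outside_access_in extended permit tcp any host 203.0.113.99 eq www
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
# Pre-8.3 one-to-one host static: static (real_if,mapped_if) MAPPED REAL netmask /32
STATIC_RE = re.compile(rf"^static \((\w+),(\w+)\) {IP} {IP} netmask 255\.255\.255\.255$")


def addr_len(tokens, i):
    """Token count of an ACL address spec: 'any' is 1; 'host A' or 'A MASK' is 2."""
    return 1 if tokens[i] == "any" else 2


def migrate(config):
    """Return (new_config_lines, acl_lines_needing_review) in 8.3+ syntax."""
    mapped_to_real, out, review = {}, [], []
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    for line in lines:
        m = STATIC_RE.match(line)
        if m:
            real_if, mapped_if, mapped, real = m.groups()
            mapped_to_real[mapped] = real
            # Object name "obj-<real ip>" is a hypothetical naming convention.
            out += [f"object network obj-{real}", f" host {real}",
                    f" nat ({real_if},{mapped_if}) static {mapped}"]
    for line in lines:
        t = line.split()
        if len(t) < 7 or t[0] != "access-list" or t[2] != "extended":
            continue
        dst = 5 + addr_len(t, 5)  # destination follows the source spec
        if t[dst] == "host" and t[dst + 1] in mapped_to_real:
            t[dst + 1] = mapped_to_real[t[dst + 1]]  # mapped IP -> real IP
        elif t[dst] == "host":
            review.append(line)  # no matching static: check by hand
        out.append(" ".join(t))
    return out, review


if __name__ == "__main__":
    new, review = migrate(OLD_CONFIG)
    print("\n".join(new))
    for line in review:
        print("! REVIEW (destination has no matching static):", line)
```

Entries returned in the review list are left unchanged in the output; their destination may be an un-NATed address or may be covered by a NAT form this script does not parse.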