Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
912
Views
0
Helpful
16
Replies

FWSM Static nat conversion to ASA SM 9.0.3 converion help

Go to solution
jain.nitin
Level 3
Level 3

‎06-06-2014 12:28 AM - edited ‎03-11-2019 09:18 PM

Hi, can any one tell me below conversion is correct or no, I tried conversion tool but it did not convert any static/global/nat command for us. so I am converting it manually.

Entry in FWSM

1

static (BACKUP,MARS-NW) 172.18.12.39 172.18.12.39 netmask 255.255.255.255

2

static (BACKUP,UNIX-MT-MGMT) 172.18.108.21 172.18.12.10 netmask 255.255.255.255

static (BACKUP,Microsoft-MT-MGMT) 172.18.124.52 172.18.12.10 netmask 255.255.255.255

static (BACKUP,Microsoft-FE-MGMT) 172.18.122.52 172.18.12.10 netmask 255.255.255.255

Entry which is going to be configured in ASA SM

1
object network obj20-172.18.12.39
host 172.18.12.39
nat (BACKUP,MARS-NW) source static obj20-172.18.12.39 obj20-172.18.12.39

2

object network obj1-172.18.12.10
host 172.18.12.10
nat (BACKUP,UNIX-MT-MGMT) static 172.18.108.21
nat (BACKUP,Microsoft-MT-MGMT) static 172.18.124.52
nat (BACKUP,Microsoft-FE-MGMT) static 172.18.122.52
 

 

Labels:
0 Helpful
16 Replies 16

Go to solution
jain.nitin
Level 3
Level 3
In response to jain.nitin

‎06-06-2014 10:40 AM

i am talking about these configuration in FWSM, what should be in ASA SM

global (UNIX-MT-MGMT) 108 172.18.108.106 netmask 255.0.0.0
nat (Outside) 108 access-list Outside_nat_outbound_2 outside

====================================================================================


global (UNIX-MT-MGMT) 161 172.18.108.161 netmask 255.255.255.255
nat (Outside) 161 access-list Outside_nat_outbound outside

 object network UXMTMGMT_172.18.108.161
  host 172.18.108.161
 
object-group network OUTSIDE_161

0 Helpful

Go to solution
Marius Gunnerud
VIP
VIP
In response to jain.nitin

‎06-07-2014 01:14 PM

global (UNIX-MT-MGMT) 108 172.18.108.106 netmask 255.0.0.0
nat (Outside) 108 access-list Outside_nat_outbound_2 outside

access-list Outside_nat_outbound_2 extended permit ip object-group DM_INLINE_NETWORK_1513 172.18.108.0 255.255.255.0

This would be equivilant to the following:

object network DEST
  subnet 172.18.108.0 255.255.255.0

nat (Outside,UNIX-MT-MGMT) source dynamic DM_INLINE_NETWORK_1513 172.18.108.106 destination static DEST DEST

--

Please remember to select a correct answer and rate helpful posts

--
Please remember to select a correct answer and rate helpful posts
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card