Migrate multiple static NAT from Cisco ASA 7.x to Cisco IOS router
Please assist with an imminent design problem we have. I need to replace an ASA with an IOS firewall router, and am not sure how to migrate the NAT configuration. Specifically, there is an interface "3rdparty" that has onward connectivity to other private addresses, so our internal addressing is hidden. For some reason there are static NAT rules in different directions across the interface, but at present I cannot see why. Thinking in router terms, all that springs to mind is the inside and outside tags for the interfaces, but also that it might need "overlapping" NAT to be configured.
Thank you for your reply - I think at this stage I am just trying to verify some base NAT config that I should put on the router. I would post a problem with the functionality in a different discussion.
I was planning to use the "overload" command and an access-list identifying subnets to exclude and allow, to create dynamic NAT (PAT) on both the Public Internet and 3rd party interfaces (one statement for each interface). Then use some static NAT statements to map the host to host translations on the 172.31 (3rd party) and 10.110 & 10.111 (Inside private) subnets.
I understand that an interface has to have either an "inside" or "outside" statement to participate in NAT, so I guess that I must assign the "outside" statement to the 3rd party interface, or else our internal 10.110 addresses will not be hidden. I do not think it will be a problem, as I believe the 3rd party subnet does not need to access the Internet (presuming this would be impossible as they are both "outside" NAT interfaces?).
I have included a basic diagram of the target router.
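A sketch of the IOS NAT layout described in the post above, added here as an example and not taken from the poster's configuration or the original ASA. Interface names, /16 masks, ACL and route-map names, and all host addresses are assumptions constructed for illustration.

```cisco
! Added example: names, masks and host addresses are constructed.
interface GigabitEthernet0/0
 description Inside (10.110.x and 10.111.x)
 ip nat inside
!
interface GigabitEthernet0/1
 description Public Internet
 ip nat outside
!
interface GigabitEthernet0/2
 description 3rdparty (172.31.x)
 ip nat outside
!
! Inside traffic destined for the 3rd party network
ip access-list extended NAT-TO-3RDPARTY
 permit ip 10.110.0.0 0.0.255.255 172.31.0.0 0.0.255.255
 permit ip 10.111.0.0 0.0.255.255 172.31.0.0 0.0.255.255
!
! Everything else from inside goes to the Internet
ip access-list extended NAT-TO-INTERNET
 deny   ip any 172.31.0.0 0.0.255.255
 permit ip 10.110.0.0 0.0.255.255 any
 permit ip 10.111.0.0 0.0.255.255 any
!
! match interface ties each PAT rule to one egress interface
route-map RM-INTERNET permit 10
 match ip address NAT-TO-INTERNET
 match interface GigabitEthernet0/1
!
route-map RM-3RDPARTY permit 10
 match ip address NAT-TO-3RDPARTY
 match interface GigabitEthernet0/2
!
! One PAT (overload) statement per outside interface
ip nat inside source route-map RM-INTERNET interface GigabitEthernet0/1 overload
ip nat inside source route-map RM-3RDPARTY interface GigabitEthernet0/2 overload
!
! Host-to-host: inside 10.110.1.10 is seen by the 3rd party as 172.31.1.10
ip nat inside source static 10.110.1.10 172.31.1.10
!
! Opposite direction: 3rd party host 172.31.2.20 is seen inside as 10.111.2.20
ip nat outside source static 172.31.2.20 10.111.2.20 add-route
```

A plain static entry applies toward every outside interface, so the statically mapped inside host would also leave toward the Internet with its 172.31 address. `show ip nat translations` shows which rule each flow actually matched.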