Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
443
Views
0
Helpful
3
Replies

Migrating from ASA5510(8.4.1) to 5525x (9.1x).. Should I be NAT worried?

Go to solution
dmooregfb
Level 5
Level 5

‎06-02-2014 11:33 AM - edited ‎03-11-2019 09:16 PM

I recently attempted to move from a ASA 5510 over to a spare 5520 running the same code (8.4.1) and ran into a problem with NAT to the Internet. I had set the same public IP address due to several vendors accepting only this certain address. So, when I migrated to the new 5520, NAT on this address did not work, meaning no traffic outbound would pass. However, if I change to another Public address no problems with traffic passing as expected. So my question is, I am migrating to a scratch-built 5525x using 9.1x code and will be using the same Public NAT address as on the 5510. Should I expect traffic to pass as expected or do I need to migrate to another address? Logic is telling me there should be no issues, but recent experience is making me jittery... Thanks for any comments Dave
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-02-2014 12:03 PM

Your recent experience may not have had anything to do with NAT per se even though that's how it manifested itself most obviously to you.

I suspect it may have had to do with your upstream gateway's arp cache. I have often seen when replacing hardware that we need to ask the ISP to flush their ARP cache so they can re-learn the new MAC address association to your pre-existing IP.

In any case, NAT should not be adversely affected when migrating from 8.4(1) to 9.1(x).

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎06-02-2014 12:03 PM

Your recent experience may not have had anything to do with NAT per se even though that's how it manifested itself most obviously to you.

I suspect it may have had to do with your upstream gateway's arp cache. I have often seen when replacing hardware that we need to ask the ISP to flush their ARP cache so they can re-learn the new MAC address association to your pre-existing IP.

In any case, NAT should not be adversely affected when migrating from 8.4(1) to 9.1(x).

0 Helpful

Go to solution
jan.nielsen
Level 7
Level 7

‎06-03-2014 04:53 AM

As Marvin stated, your problem is more likely to be ARP related than NAT related. However depending on your nat configuration, i would advise you to look at the release notes for 8.4(2-5) as there are some changes regarding proxy-arp that might affect you.

0 Helpful

Go to solution
dmooregfb
Level 5
Level 5
In response to jan.nielsen

‎06-03-2014 05:26 AM

Jan, thanks for the info. I certainly will check it out. I know that 8.4 change the NAT game and this configuration was an upgrade from 8.2x. 

Regards,

Dave

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card