I am trying to replace an ASA 5510 running 7.2(2) with an ASA 5515x running 8.6(1)2. The problem I am having is that the NAT entries are not working on the ASA 5515x. Is there anything that needs to be considered when moving the configuration from the ASA 5510 to the ASA 5515x.
ASAs NAT configuration format went under a big change when going from 8.2 to 8.3. The NAT configuration format changed completely and therefore none of the old NAT configurations work anymore. These are "global" , "nat" and "static". Actual NAT configurations start with the command "nat" though but otherwise in a totally different format.
Your new ASA 5500-X series firewall can only use 8.6 or above software level. That is its "oldest" software. Therefore you cant use your old configuration on it. People who simply upgrade software on the original ASA5500 series will be able to just boot their ASA to the new software. Though while the ASA then migrates the NAT configurations to the new format, the results arent always the best.
One major change would also be ACLs. In the new software you will always use the real IP address in the interface ACL when allowing traffic somewhere. So even if you were allowing traffic to some server (that has a Static NAT configured on the ASA) you would now use the real IP address as the destination rather than the NAT IP address. This is mainly due to the fact that ASA handles NAT before ACL now in the new software.
There is also some minor changes to the commands related to VPN configurations.
But the above are the biggest changes.
How large NAT configuration do you have on the original ASA5510? If we are not talking about a huge configuration I could probably help with converting the NAT configurations.
Here is a document I wrote about the new NAT configuration format
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...