But I tend to avoid using "any" in NAT configurations.
I am not sure in what kind of network this original NAT configuration is in use. Are there perhaps only public IP addresses used behind this interface? Or is this perhaps some internal firewall that is not meant to perform private-to-public NAT for the networks?
On a very basic firewall setup you would currently only configure Dynamic PAT/NAT towards the public network. No other NAT would be needed, for example between your local interfaces, if you didn't specifically want to NAT the addresses.
The idea of using the "object-group network" to group all the networks behind "vlan12" was simply to try to keep the NAT operation the same without using the "any" parameter.
I did write a NAT 8.3+ document here on the CSC, though it's still a work in progress.
So what you basically mean is that, while in the older version it needed the above configuration to allow any traffic to flow freely (without NAT) between my interfaces, in version 8.3+ I don't need to add anything, just leave it as is and it would work just fine! Did I get you right?
In general, if you had a setup where the firewall was ONLY doing access control and NAT was not required at all, then you could leave the ASA in the new software without any NAT configurations.
But usually the situation is that there is some NAT configurations that need to be applied as firewalls are typically at the edge of the internal and external network.
I tend to first go through the entire NAT configuration and operation of the firewall that is about to be migrated. Then I build the new NAT rules on the basis of that.
Usually I first convert the Dynamic PAT/NAT and Static NAT/PAT rules and leave the special Policy NAT or NAT0 configurations last.
I am very hesitant to say that I am 100% sure the above configurations would handle your situation, BUT it looks to me that it should do the same. As I said, I would rather be as specific as I can when building the NAT rules and avoid using "any" in the NAT configurations, just to avoid any possible surprises with the NAT operation.
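Added illustration (not configuration posted by anyone in this thread): a constructed pre-8.3 NAT exemption plus Dynamic PAT for the "vlan12" interface, followed by the 8.3+ equivalent written the way the replies above suggest, with an "object-group network" standing in for "any" and the identity NAT (the old NAT0) kept as a separate, explicit rule. The interface names "inside" and "outside", the object-group names and all IP ranges are assumptions chosen for the example.

```cisco
! ===== Pre-8.3 style (constructed example) =====
! NAT exemption: vlan12 hosts reach the 10.0.0.0/8 networks untranslated
access-list VLAN12_NAT0 extended permit ip 192.168.12.0 255.255.255.0 10.0.0.0 255.0.0.0
nat (vlan12) 0 access-list VLAN12_NAT0
! Dynamic PAT to the outside interface address for everything else
nat (vlan12) 1 192.168.12.0 255.255.255.0
global (outside) 1 interface

! ===== 8.3+ equivalent (constructed example) =====
! Group the networks behind vlan12 instead of matching "any"
object-group network VLAN12-NETS
 network-object 192.168.12.0 255.255.255.0
 network-object 192.168.13.0 255.255.255.0
object-group network INSIDE-NETS
 network-object 10.0.0.0 255.0.0.0
!
! Section 1 Manual NAT (identity NAT): vlan12 <-> inside stays untranslated.
! Only needed because the Dynamic PAT rule below would otherwise catch
! this traffic; with no other NAT rule at all it could be left out.
nat (vlan12,inside) source static VLAN12-NETS VLAN12-NETS destination static INSIDE-NETS INSIDE-NETS
!
! Section 3 (after-auto) Manual NAT: Dynamic PAT to the outside interface.
! Placing it after-auto keeps any Network Object NAT (statics) ahead of it.
nat (vlan12,outside) after-auto source dynamic VLAN12-NETS interface
!
! Verification: confirm which rule a flow matches before and after migration
show nat detail
packet-tracer input vlan12 tcp 192.168.12.10 12345 10.1.1.1 443
packet-tracer input vlan12 tcp 192.168.12.10 12345 203.0.113.10 443
```

The two packet-tracer runs (one to an internal destination, one to a public one) are the quickest way to check that the identity rule, and not the PAT rule, handles vlan12-to-inside traffic, and that the PAT rule still handles traffic leaving towards the outside. Section order matters in 8.3+: the identity NAT in Section 1 is evaluated before the after-auto PAT rule in Section 3, which is what makes the result match the old nat 0 behaviour.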