Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
921
Views
0
Helpful
9
Replies

lan2lan - cisco 8.4

Network Pro
Level 1
Level 1

‎08-22-2013 08:32 AM

Hi,

i am  using a cisco asa 8.4 version and how do i convert these no -nat statement (prior 8.3)

access-list nonat extended permit ip 192.168.10.0 255.255.255.0 172.22.0.0 255.255.0.0

access-list prime extended permit ip   192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0

global (outside) 1 interface

nat (inside) 0 access-list nonat

nat (inside) 1 0.0.0.0 0.0.0.0

what are the commands for the above in version 8.4 please?

Thanks

Labels:
15366346-Harefield.txt.zip
15366347-ASA5520.txt.zip
0 Helpful
9 Replies 9

Gajendra R'
Level 1
Level 1

‎08-23-2013 03:06 AM

hi,

access-list nonat extended permit ip 192.168.10.0 255.255.255.0 172.22.0.0 255.255.0.0

nat (inside) 0 access-list nonat

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Gajendra R'

‎08-23-2013 06:40 AM

This format is the format pre 8.3 and the original poster is asking for the format post 8.3.

I believe that something like this is what the original poster is looking for

object network OBJ_192.168.10
subnet 192.168.10.0 255.255.255.0
object network OBJ_172.22.0.0
subnet 172.22.0.0 255.255.0.0
nat (inside,outside) source static OBJ_192.168.10.0 OBJ_192.168.10.0 destination static OBJ_172.22.0.0 OBJ_172.22.0.0

object network OBJ_192.168.20.0
subnet 192.168.20.0 255.255.255.0
nat (inside,outside) source static OBJ_192.168.10.0 OBJ_192.168.10.0 destination static OBJ_192.168.20.0 OBJ_192.168.20.0

HTH

Rick

HTH

Rick
0 Helpful

Network Pro
Level 1
Level 1
In response to Richard Burts

‎08-27-2013 04:06 AM

Thanks Richard. I managed to figure this out but the problem i am having now is that the tunnel drops randomly after few mintues. (I am creating a tunnel between cicso asa 5505 (ver 8.4) and cisco 5520 (ver 8.2)

any clue why ? i have checked all settings and this seems to be ok (phase 1 and phase 2) - attached relevant config

0 Helpful

Network Pro
Level 1
Level 1
In response to Network Pro

‎08-28-2013 09:23 AM

any help appreciated please?

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Network Pro

‎08-28-2013 03:42 PM

I am glad that you figured out the translation. Your post says config was attached. But when I read your post I am not seeing any config.

HTH

Rick

HTH

Rick
0 Helpful

Network Pro
Level 1
Level 1
In response to Richard Burts

‎08-29-2013 02:31 AM

Hi Richard,

i have attached in the first post right at the top

0 Helpful

Gajendra R'
Level 1
Level 1
In response to Network Pro

‎08-29-2013 02:37 AM

Hi,

Please disable PFS and check.

Thanks

Gajendra

0 Helpful

Network Pro
Level 1
Level 1
In response to Gajendra R'

‎08-29-2013 03:54 AM

havnt got pfs enabled

0 Helpful

Network Pro
Level 1
Level 1
In response to Network Pro

‎08-30-2013 02:09 AM

resolved the problem - think it was phase 2 was set to 3600 seconds instead of 28800. had to do the config from scratch and this did the trick. Thanks

0 Helpful
Customers Also Viewed These Support Documents