
lan2lan - cisco 8.4

Network Pro
Level 1

Hi,

I am using a Cisco ASA version 8.4. How do I convert these no-NAT statements (prior to 8.3)?

access-list nonat extended permit ip 192.168.10.0 255.255.255.0 172.22.0.0 255.255.0.0

access-list prime extended permit ip   192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0

global (outside) 1 interface

nat (inside) 0 access-list nonat

nat (inside) 1 0.0.0.0 0.0.0.0

What are the commands for the above in version 8.4, please?

Thanks


Gajendra R'
Level 1

Hi,

access-list nonat extended permit ip 192.168.10.0 255.255.255.0 172.22.0.0 255.255.0.0

nat (inside) 0 access-list nonat

This format is the format pre 8.3 and the original poster is asking for the format post 8.3.

I believe that something like this is what the original poster is looking for

! NAT exemption (identity NAT) from 192.168.10.0/24 to 172.22.0.0/16
object network OBJ_192.168.10.0
 subnet 192.168.10.0 255.255.255.0
object network OBJ_172.22.0.0
 subnet 172.22.0.0 255.255.0.0
nat (inside,outside) source static OBJ_192.168.10.0 OBJ_192.168.10.0 destination static OBJ_172.22.0.0 OBJ_172.22.0.0

! NAT exemption (identity NAT) from 192.168.10.0/24 to 192.168.20.0/24
object network OBJ_192.168.20.0
 subnet 192.168.20.0 255.255.255.0
nat (inside,outside) source static OBJ_192.168.10.0 OBJ_192.168.10.0 destination static OBJ_192.168.20.0 OBJ_192.168.20.0

HTH

Rick
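
The translation in the reply above can be done mechanically. The following is an added example, not part of the original thread and not Cisco tooling: a small Python converter that turns each entry of an ACL referenced by `nat (if) 0 access-list` into the 8.3+ object and twice-NAT form shown in the reply. It assumes the egress interface is `outside` (taken from the `global (outside)` line in the question), handles only `permit ip <net> <mask> <net> <mask>` entries, and reuses the reply's `OBJ_<network>` naming; `convert_nat_exemption` and `obj_name` are hypothetical helper names.

```python
import ipaddress
import re

# Constructed sample: the pre-8.3 lines from the question above.
LEGACY = """\
access-list nonat extended permit ip 192.168.10.0 255.255.255.0 172.22.0.0 255.255.0.0
access-list prime extended permit ip   192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
"""

ACE = re.compile(r"^access-list\s+(\S+)\s+extended\s+permit\s+ip\s+"
                 r"(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")
NAT0 = re.compile(r"^nat\s+\((\S+)\)\s+0\s+access-list\s+(\S+)\s*$")


def obj_name(net, mask):
    # Validate the network/mask pair; ValueError on host bits, bad mask or 'host'/'any'.
    ipaddress.ip_network(f"{net}/{mask}")
    return f"OBJ_{net}"


def convert_nat_exemption(config, egress="outside"):
    """Return 8.3+ lines for every ACE of an ACL used by 'nat (if) 0 access-list'."""
    aces, exempt = {}, []
    for line in config.splitlines():
        line = line.strip()
        if m := ACE.match(line):
            aces.setdefault(m.group(1), []).append(m.groups()[1:])
        elif m := NAT0.match(line):
            exempt.append(m.groups())          # (interface, acl name)
    objects, rules = {}, []
    for ifc, acl in exempt:
        if acl not in aces:
            raise ValueError(f"nat 0 references unknown access-list {acl!r}")
        for src, smask, dst, dmask in aces[acl]:
            s, d = obj_name(src, smask), obj_name(dst, dmask)
            objects[s], objects[d] = (src, smask), (dst, dmask)
            rules.append(f"nat ({ifc},{egress}) source static {s} {s} "
                         f"destination static {d} {d}")
    out = []
    for name, (net, mask) in objects.items():
        out += [f"object network {name}", f" subnet {net} {mask}"]
    return out + rules


if __name__ == "__main__":
    print("\n".join(convert_nat_exemption(LEGACY)))
```

Only the `nonat` ACL is converted here, because it is the only one the question's `nat (inside) 0` line references; review the generated rules against the crypto ACL before applying them.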

Thanks Richard. I managed to figure this out, but the problem I am having now is that the tunnel drops randomly after a few minutes. (I am creating a tunnel between a Cisco ASA 5505 (ver 8.4) and a Cisco 5520 (ver 8.2).)

Any clue why? I have checked all settings and this seems to be OK (phase 1 and phase 2) - attached relevant config.

Any help appreciated, please.

I am glad that you figured out the translation. Your post says config was attached. But when I read your post I am not seeing any config.

HTH

Rick

Hi Richard,

I have attached it in the first post, right at the top.

Hi,

Please disable PFS and check.

Thanks

Gajendra

Haven't got PFS enabled.

Resolved the problem - I think it was that phase 2 was set to 3600 seconds instead of 28800. Had to do the config from scratch and this did the trick. Thanks
