Cisco Support Community

New Member

lan2lan - cisco 8.4

Hi,

I am using a Cisco ASA 8.4 version and how do I convert these no-nat statements (prior 8.3)

access-list nonat extended permit ip 192.168.10.0 255.255.255.0 172.22.0.0 255.255.0.0

access-list prime extended permit ip   192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0

global (outside) 1 interface

nat (inside) 0 access-list nonat

nat (inside) 1 0.0.0.0 0.0.0.0

What are the commands for the above in version 8.4 please?

Thanks

9 REPLIES
New Member

lan2lan - cisco 8.4

Hi,

access-list nonat extended permit ip 192.168.10.0 255.255.255.0 172.22.0.0 255.255.0.0

nat (inside) 0 access-list nonat

Hall of Fame Super Silver

lan2lan - cisco 8.4

This format is the format pre 8.3 and the original poster is asking for the format post 8.3.

I believe that something like this is what the original poster is looking for

object network OBJ_192.168.10.0
subnet 192.168.10.0 255.255.255.0
object network OBJ_172.22.0.0
subnet 172.22.0.0 255.255.0.0
nat (inside,outside) source static OBJ_192.168.10.0 OBJ_192.168.10.0 destination static OBJ_172.22.0.0 OBJ_172.22.0.0

object network OBJ_192.168.20.0
subnet 192.168.20.0 255.255.255.0
nat (inside,outside) source static OBJ_192.168.10.0 OBJ_192.168.10.0 destination static OBJ_192.168.20.0 OBJ_192.168.20.0

HTH

Rick
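The translation in the reply above, generalized into a small converter (an added example, not code from the thread or from Cisco): it reads pre-8.3 lines and emits 8.3+ network objects and twice-NAT rules only for ACLs bound by `nat (if) 0 access-list`, so the `prime` ACL in the question is not converted. The function name, the `mapped_if` default of `outside` and the `OBJ_<network>` naming are assumptions following the reply's convention; ACL entries not in plain network/mask form are returned for manual review.

```python
import re

# Constructed sample: the pre-8.3 lines quoted in the question above.
LEGACY = """\
access-list nonat extended permit ip 192.168.10.0 255.255.255.0 172.22.0.0 255.255.0.0
access-list prime extended permit ip   192.168.10.0 255.255.255.0 192.168.20.0 255.255.255.0
global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0
"""

ACE = re.compile(r"access-list\s+(\S+)\s+extended\s+permit\s+ip\s+"
                 r"(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+"
                 r"(\d+\.\d+\.\d+\.\d+)\s+(\d+\.\d+\.\d+\.\d+)\s*$")
NAT0 = re.compile(r"nat\s+\((\S+)\)\s+0\s+access-list\s+(\S+)\s*$")


def convert_nat_exemption(config, mapped_if="outside"):
    """Return (new_lines, skipped) for every ACL bound by 'nat (if) 0 access-list'.

    mapped_if is an assumption: pre-8.3 'nat 0' names only the real interface,
    so the egress interface for the 8.3+ rule has to be supplied.
    """
    aces, bindings, skipped = {}, [], []
    for line in config.splitlines():
        line = line.strip()
        if m := ACE.match(line):
            aces.setdefault(m.group(1), []).append(m.groups()[1:])
        elif m := NAT0.match(line):
            bindings.append(m.groups())
        elif line.startswith("access-list"):
            skipped.append(line)  # host/any/object-group/deny forms: review by hand
    out, defined = [], set()
    for real_if, acl in bindings:
        for src, smask, dst, dmask in aces.get(acl, []):
            for net, mask in ((src, smask), (dst, dmask)):
                # Object names assume one mask per network address.
                if (net, mask) not in defined:  # define each object only once
                    defined.add((net, mask))
                    out += [f"object network OBJ_{net}", f" subnet {net} {mask}"]
            out.append(f"nat ({real_if},{mapped_if}) source static OBJ_{src} OBJ_{src} "
                       f"destination static OBJ_{dst} OBJ_{dst}")
    return out, skipped


if __name__ == "__main__":
    lines, skipped = convert_nat_exemption(LEGACY)
    print("\n".join(lines))
```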

New Member

lan2lan - cisco 8.4

Thanks Richard. I managed to figure this out but the problem I am having now is that the tunnel drops randomly after a few minutes. (I am creating a tunnel between Cisco ASA 5505 (ver 8.4) and Cisco 5520 (ver 8.2))

Any clue why? I have checked all settings and this seems to be ok (phase 1 and phase 2) - attached relevant config

New Member

lan2lan - cisco 8.4

Any help appreciated please?

Hall of Fame Super Silver

lan2lan - cisco 8.4

I am glad that you figured out the translation. Your post says config was attached. But when I read your post I am not seeing any config.

HTH

Rick

New Member

lan2lan - cisco 8.4

Hi Richard,

I have attached in the first post right at the top

New Member

lan2lan - cisco 8.4

Hi,

Please disable PFS and check.

Thanks

Gajendra

New Member

lan2lan - cisco 8.4

Haven't got PFS enabled

New Member

lan2lan - cisco 8.4

Resolved the problem - think it was phase 2 was set to 3600 seconds instead of 28800. Had to do the config from scratch and this did the trick. Thanks
