Cisco Cisco ASA 5515-X Adaptive Security Appliance - No Payload Encryption Installation Guide
16
Cisco ASA 5500 Migration to Version 8.3
OL-22176-01
NAT Migration
New NAT Commands
lists the new NAT commands. See also the
.
Table 3
New NAT Commands
New Commands
Configuratio
n Mode
n Mode
Syntax
Network Object NAT
(Typically used for regular NAT configurations.)
nat dynamic
Object
network
network
object network
name
nat
[(real_ifc,mapped_ifc)] dynamic
{[mapped_inline_host_ip] [interface] |
[mapped_obj] [pat-pool mapped_obj [round-robin]] [interface]} [dns]
nat static
Object
network
network
object network
name
nat
[(real_ifc,mapped_ifc)] static
{mapped_inline_ip | mapped_obj | interface}
[dns | service {tcp | udp} real_port mapped_port]
[no-proxy-arp] [route-lookup]
Twice NAT
(Typically used for policy NAT configurations.)
nat source dynamic Global
nat
[(real_ifc,mapped_ifc)] [line | {after-object [line]}]
source
dynamic {real_obj | any}
{[mapped_obj] [pat-pool mapped_obj [round-robin]] [interface]}
[destination static {mapped_obj | interface} {real_obj | any}]
[service {mapped_dest_svc_obj real_dest_svc_obj] [dns] [unidirectional]
[inactive] [description desc]
nat source static
Global
nat
[(real_ifc,mapped_ifc)] [line | {after-object [line]}]
source
static {real_obj | any} {mapped_obj | interface | any}}
[destination static {mapped_obj | interface} {real_obj | any}]
[service {real_src_mapped_dest_svc_obj | any}
mapped_src_real_dest_svc_obj] [dns] [unidirectional | [no-proxy-arp]
[route-lookup]] [inactive] [description desc]
Note
The no-proxy-arp, route-lookup, pat-pool, and round-robin keywords were added in 8.4(2).
ASDM
For ASDM, the existing NAT rules will be migrated to two new types of rules:
•
Network Object NAT:
Configuration > Firewall > Objects > Network Objects/Groups > Add/Edit Network Object.
•
Twice NAT:
Configuration > Firewall > NAT Rules