Installation Guide for Cisco ASA 5585-X with No Payload Encryption
Cisco ASA 5500 Migration to Version 8.3
OL-22176-01
Network and Service Object Migration
• If you use a named IP address in NAT (using the name command) and the names command is enabled, then a network object is created even if an inline IP address could be used in the new nat command.
• If an access-list command includes an IP address that was used in NAT, and the NAT migration created a network object for that IP address, then the network object replaces the IP address in the access-list command.
• If you use a named IP address in the access-list command (using the name command) and the names command is enabled, then an object replaces the name.
• For multiple global commands that share the same NAT ID, a network object group is created that contains the network objects created for the inline IP addresses.
Objects are not created for the following cases:
• A name command exists in the configuration, but is not used in a nat or access-list command.
• An inline value that is still allowed in the nat command.
• name commands used under object-group commands.
• IP addresses used in access-list commands that are not used in NAT or named with a name command.
Note
The name commands continue to exist in your configuration for use with other features that do not yet
support network objects.
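The rules above for name commands can be checked against a pre-8.3 configuration before migrating, so that the rewritten nat and access-list lines can be reviewed afterwards. The following is an added example, not code from the Cisco guide: the sample configuration, the host names, and the function name predict_name_migration are constructed, and matching names as whole tokens on nat, static, global and access-list lines is a simplifying assumption.

```python
import re

# Constructed pre-8.3 configuration sample (not taken from the Cisco guide).
SAMPLE_CONFIG = """\
names
name 10.1.1.5 webserver
name 10.1.1.6 mailserver
name 10.1.1.7 dbserver
name 10.1.1.8 spare
static (inside,outside) 192.0.2.5 webserver netmask 255.255.255.255
access-list outside_in remark allow mail to mailserver and spare
access-list outside_in extended permit tcp any host mailserver eq 25
object-group network DB_HOSTS
 network-object host dbserver
"""

NAT_KEYWORDS = {"nat", "static", "global"}  # pre-8.3 NAT commands

def predict_name_migration(config: str) -> dict:
    """Predict, per `name` entry, whether migration creates a network object.
    Assumption: a name counts as used when it appears as a whole token on a
    nat/static/global or access-list line. Inline-IP cases are not modelled.
    """
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    names_enabled = "names" in lines
    names = {}  # name -> IP address
    for line in lines:
        m = re.match(r"name\s+(\S+)\s+(\S+)", line)
        if m:
            names[m.group(2)] = m.group(1)
    used = {n: set() for n in names}
    for line in lines:
        tokens = line.split()
        if tokens[0] in NAT_KEYWORDS:
            context = "nat"
        elif tokens[0] == "access-list" and "remark" not in tokens[2:3]:
            context = "access-list"
        else:
            continue  # object-group members and other features create no object
        for tok in tokens[1:]:
            if tok in used:
                used[tok].add(context)
    return {n: {"ip": ip, "used_in": sorted(used[n]),
                "object_created": names_enabled and bool(used[n])}
            for n, ip in names.items()}

if __name__ == "__main__":
    for name, info in predict_name_migration(SAMPLE_CONFIG).items():
        print(name, info)
```

Names reported with object_created set to False stay as name commands only, which matches the cases listed under "Objects are not created".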
ASDM
ASDM has supported named network objects for a number of releases; now, the platform has the
commands to properly support them as well.
ASDM also automatically creates non-named objects for any IP addresses used in the configuration.
These auto-created objects are identified by the IP address only, do not have a name, and are not present
as named objects in the platform configuration.
If you manually assign a name to one of these non-named ASDM objects, then ASDM adds the named
network object to the platform configuration. If you do not add a name, it remains an ASDM-only object.
When the ASA creates named objects as part of the migration, the matching non-named ASDM-only
objects are replaced with the named objects. The only exception is non-named objects in a network
object group. When the ASA creates named objects for IP addresses that are inside a network object
group, ASDM retains the non-named objects as well, creating duplicate objects in ASDM. To merge
these objects, choose Tools > Migrate Network Object Group Members.
Note
ASDM no longer shows any objects derived from the name command. Previously, you might have used
named objects derived from the name command in ASDM. If the name command IP address was not
migrated, then these objects are replaced by auto-created objects identified by an IP address.
Object Migration Naming Conventions
This section includes the following topics:
•
•