Conversion of NAT from ASA 8.2 to ASA 8.3

What exactly do they mean by twice NAT?

Also, what would be the PAT syntax and the NAT syntax for the network?

ex: How do I convert these commands?

global (outside) 1 interface
nat (inside) 0 access-list inside_nat0_outbound
nat (inside) 1 192.168.0.0 255.255.192.0
samashcam Asked:
 
donmanrobb Commented:
Another thing to keep in mind is that ACL logic has changed in 8.3 as well.

The outbound access-list now matches the packet destination, meaning that if you had a webserver with a public IP of 1.2.3.4 and NATted it to 192.168.1.10, then your ACL should be

access-list <outside acl> permit tcp any host 192.168.1.10 eq 80

instead of

access-list <outside acl> permit tcp any host 1.2.3.4 eq 80

Hope that helps
0
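
An added example, not part of the thread: a Python check for the ACL change described in the comment above. It reads an 8.3-style config, pairs each object static NAT's mapped address with its real address, and flags access-list entries that still name the mapped address. The sample config, object names and ACL name are constructed for illustration.

```python
import re

# Constructed sample of a post-upgrade 8.3 config; names and addresses are illustrative.
SAMPLE_CONFIG = """\
object network WEBSERVER
 host 192.168.1.10
 nat (inside,outside) static 1.2.3.4
object network LAN
 subnet 192.168.0.0 255.255.192.0
 nat (inside,outside) dynamic interface
access-list outside_access_in extended permit tcp any host 1.2.3.4 eq 80
access-list outside_access_in extended permit tcp any host 192.168.1.10 eq 443
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"

def static_nat_map(config):
    """Return {mapped_ip: real_ip} for host objects that carry an object static NAT."""
    hosts, mapped, name = {}, {}, None
    for line in config.splitlines():
        m = re.match(r"object network (\S+)", line)
        if m:
            name = m.group(1)        # object blocks may repeat (definition, then NAT)
        elif not line.startswith(" "):
            name = None              # any other top-level line ends the object block
        elif name and (m := re.match(rf"\s+host ({IP})\s*$", line)):
            hosts[name] = m.group(1)
        elif name and (m := re.match(rf"\s+nat \(\S+,\S+\) static ({IP})\b", line)):
            mapped[name] = m.group(1)
    return {mapped[n]: hosts[n] for n in mapped if n in hosts}

def stale_acl_entries(config):
    """Return (acl_line, mapped_ip, real_ip) for ACL lines that still name a mapped IP."""
    mapping = static_nat_map(config)
    findings = []
    for line in config.splitlines():
        if not line.startswith("access-list "):
            continue
        for ip in re.findall(rf"host ({IP})", line):
            if ip in mapping:
                findings.append((line, ip, mapping[ip]))
    return findings

if __name__ == "__main__":
    for line, mapped_ip, real_ip in stale_acl_entries(SAMPLE_CONFIG):
        print(f"{line}\n  -> names mapped IP {mapped_ip}; 8.3 expects real IP {real_ip}")
```

Only `host` objects with a literal mapped IP are handled here; static NAT to `interface` or to another object, and twice NAT rules, would need their own parsing.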
 
donmanrobb Commented:
object network LAN
 subnet 192.168.0.0 255.255.192.0
 nat (inside,outside) dynamic interface
0
 
donmanrobb Commented:
Twice NAT allows you to NAT the source and destination at the same time.
Generally you would use it for no-nat scenarios.
0
 
samashcam (Author) Commented:
So is that what I'm seeing with the ASDM? Every NAT rule has two statements.

Could that cause issues when you upgrade from 8.2 to 8.3? Nothing much was working right after the conversion. We couldn't connect to a lot of the servers. What exactly should I be looking at as the culprit: NAT rules or access-rules? The access-rules look the same with ASDM in both 8.2 and 8.3 so I'm leaning towards NAT rules? Could the twice NAT cause issues?

I took out the unidirectional statements for the VPNs.

0
 
donmanrobb Commented:
Twice NAT can also cause issues because it is handled first in NAT order of operations.
0
 
samashcam (Author) Commented:
I found some access-lists that had the wrong IPs.

thx!
0
Question has a verified solution.