Help with a NAT rule in ASA Software Version 8.2

So I need to add this NAT rule in one of our new ASA devices.

I successfully added it on one side, but it's running an older version of the firmware.

nat (Inside,Outside) source static SHF-BRKLYN-LAN_LOCAL SHF-BRKLYN-LAN_LOCAL destination static SHF-NY-LAN_LOCAL SHF-NY-LAN_LOCAL

Rat Zulu Asked:
Leo Commented:
So you need assistance with the NAT rule or upgrading the firmware?
0
Rat Zulu Author Commented:
Both, actually.

I want to upgrade the firmware, but I prefer to do it on the weekend.

How can I set up a NAT like this in 8.2?

Thanks in advance
0
Leo Commented:
There have been a few changes in how NAT commands are defined in ASA NAT 8.3+. Have a look at this document.
https://supportforums.cisco.com/document/132066/asa-nat-83-nat-operation-and-configuration-format-cli 

For your upgrade, you need to upgrade from 8.2 to 8.4 and then to 9.1. CLI commands for the upgrade are listed here:
http://www.cisco.com/c/en/us/td/docs/security/asa/asa91/upgrade/upgrade91.html
0
Ken Boone, Network Consultant, Commented:
I am assuming that this rule pertains to a VPN tunnel.

If it does, this is done much differently in 8.2 code. In 8.2 code you would create a no-NAT rule that would include an ACL like this:

access-list NO-NAT extended permit ip x.x.x.0 255.255.255.0 y.y.y.0 255.255.255.0

x.x.x.0 = SHF-BRKLYN-LAN_LOCAL
y.y.y.0 = SHF-NY-LAN_LOCAL

Then you need to apply it to what is referred to as a NAT 0 statement:

nat (inside) 0 access-list NO-NAT

So what this does is say that when traffic comes in from the inside interface, if it matches the ACL NO-NAT, then do not perform a NAT operation when the packet is routed to another interface.

Hope that helps.
0
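The translation described in the answer above, as an added example that is not part of the thread: a small Python converter that reads an 8.3+ identity twice-NAT rule and emits the 8.2 NAT-exemption ACL and `nat 0` statement. The function name `to_82_nat_exempt` is hypothetical and the subnets in the sample are constructed placeholders, since the thread does not give the real ones.

```python
import ipaddress
import re

# Constructed 8.3+ sample; the subnets are placeholders, not values from the thread.
SAMPLE_83 = """\
object network SHF-BRKLYN-LAN_LOCAL
 subnet 10.10.1.0 255.255.255.0
object network SHF-NY-LAN_LOCAL
 subnet 10.20.1.0 255.255.255.0
nat (Inside,Outside) source static SHF-BRKLYN-LAN_LOCAL SHF-BRKLYN-LAN_LOCAL destination static SHF-NY-LAN_LOCAL SHF-NY-LAN_LOCAL
"""

OBJ_RE = re.compile(r"^object network (\S+)\n subnet (\S+) (\S+)$", re.M)
NAT_RE = re.compile(
    r"^nat \((\S+?),(\S+?)\) source static (\S+) (\S+)"
    r" destination static (\S+) (\S+)\s*$", re.M)


def to_82_nat_exempt(config, acl_name="NO-NAT"):
    """Return 8.2 NAT-exemption lines for the identity twice-NAT rules in config."""
    # ip_network() validates the mask and rejects a subnet with host bits set.
    subnets = {name: ipaddress.ip_network(f"{net}/{mask}")
               for name, net, mask in OBJ_RE.findall(config)}
    lines, real_ifs = [], set()
    for real_if, _mapped_if, src, src_m, dst, dst_m in NAT_RE.findall(config):
        # nat 0 only exempts traffic; a rule that really translates is not equivalent.
        if (src, dst) != (src_m, dst_m):
            raise ValueError("not an identity rule; nat 0 would change behaviour")
        s, d = subnets[src], subnets[dst]
        lines.append(f"access-list {acl_name} extended permit ip "
                     f"{s.network_address} {s.netmask} "
                     f"{d.network_address} {d.netmask}")
        real_ifs.add(real_if)
    if len(real_ifs) > 1:
        raise ValueError("rules span several real interfaces; use one ACL per interface")
    # 8.2 binds the exemption to the real (source) interface only.
    return lines + [f"nat ({i}) 0 access-list {acl_name}" for i in real_ifs]


if __name__ == "__main__":
    print("\n".join(to_82_nat_exempt(SAMPLE_83)))
```

The converter refuses any rule whose real and mapped objects differ, because only identity rules map cleanly onto a `nat 0` exemption.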

Rat Zulu Author Commented:
Ken Boone CCIE #4649

Yes, for an L2L.

Thanks, brother, appreciate it.
0