Do you need to convert ASA 8.2 and under code to the new ASA 8.3+ code? The NAT statements are entirely different in the new code. During the upgrade the ASA will try to convert it automatically but this is worthless because it does a horrible job at it. Cisco recommends using auto NAT. This is also bad advice to use Auto NAT because it makes extremly ugly and hard to manage code. This conversion tool will convert your NAT statements to the easist to read and manage code.
Privacy Note: None of the data entered into the text area is uploaded to a server. All of the work of this tool is done on the client side. This means it’s safe to enter sensitive data without worrying about it traveling over the internet. You can even connect to this webpage, disconnect from internet and still use the conversion tool without any difference in functionality.
static (INSIDE,OUTISDE) 55.55.55.2 192.168.1.2 netmask 255.255.255.255
static (DMZ,OUTSIDE) tcp interface 8080 172.16.0.10 www netmask 255.255.255.255
static (INSIDE,DMZ) 10.10.10.0 172.16.10.0 netmask 255.255.255.0 dns
static (INSIDE,DMZ) 192.168.100.49 172.24.2.49 netmask 255.255.255.255 tcp 255 2000
static (INSIDE,EXT) 172.16.25.25 access-list ACL-NAT2
access-list ACL-NAT2 extended permit ip 192.168.29.0 255.255.255.0 host 10.1.25.205
*New* Global+NAT Example:
nat (INSIDE) 1 10.0.0.0 255.255.255.0
global (OUTSIDE) 1 interface
nat (INSIDE) 2 access-list ACL-NAT3
global (OUTSIDE) 2 22.22.22.128 netmask 255.255.255.128
access-list ACL-NAT3 standard permit host 33.33.33.33
*New* NAT Zero+ACL Example:
nat (INSIDE) 0 access-list ACL-NONAT
access-list ACL-NONAT extended permit ip 192.168.5.0 255.255.255.0 host 172.16.200.205
access-list ACL-NONAT extended permit ip any host 172.16.200.203
Click on the Link Below:
Input ASA 8.2 NAT statements
Source:- http://www.tunnelsup.com/
Preparing your code
Gather the output from the following commands in your old ASA code:show run global show run nat show run static
If there are any related ACLs in the NAT statements get that configuration also by doing:show run access-list | include [ACL-NAME]
Paste the output from the commands above into the text area and click convert. You should examine the results to verify the config is accurate.Privacy Note: None of the data entered into the text area is uploaded to a server. All of the work of this tool is done on the client side. This means it’s safe to enter sensitive data without worrying about it traveling over the internet. You can even connect to this webpage, disconnect from internet and still use the conversion tool without any difference in functionality.
Examples
Static NAT Examples:static (INSIDE,OUTISDE) 55.55.55.2 192.168.1.2 netmask 255.255.255.255
static (DMZ,OUTSIDE) tcp interface 8080 172.16.0.10 www netmask 255.255.255.255
static (INSIDE,DMZ) 10.10.10.0 172.16.10.0 netmask 255.255.255.0 dns
static (INSIDE,DMZ) 192.168.100.49 172.24.2.49 netmask 255.255.255.255 tcp 255 2000
static (INSIDE,EXT) 172.16.25.25 access-list ACL-NAT2
access-list ACL-NAT2 extended permit ip 192.168.29.0 255.255.255.0 host 10.1.25.205
*New* Global+NAT Example:
nat (INSIDE) 1 10.0.0.0 255.255.255.0
global (OUTSIDE) 1 interface
nat (INSIDE) 2 access-list ACL-NAT3
global (OUTSIDE) 2 22.22.22.128 netmask 255.255.255.128
access-list ACL-NAT3 standard permit host 33.33.33.33
*New* NAT Zero+ACL Example:
nat (INSIDE) 0 access-list ACL-NONAT
access-list ACL-NONAT extended permit ip 192.168.5.0 255.255.255.0 host 172.16.200.205
access-list ACL-NONAT extended permit ip any host 172.16.200.203
Click on the Link Below:
Input ASA 8.2 NAT statements
Source:- http://www.tunnelsup.com/