Cisco ASA NAT Conversion Tool




Cisco ASA NAT Conversion Tool



Do you need to convert ASA 8.2 and under the code to the new ASA 8.3+ code? The NAT statements are entirely different in the new code. During the upgrade, the ASA will try to convert it automatically but this is worthless because it does a horrible job at it. Cisco recommends using Auto NAT. This is also bad advice to use Auto NAT because it makes extremely ugly and hard to manage code. This conversion tool will convert your NAT statements to the easiest to read and manage code.


Preparing your code

Gather the output from the following commands in your old ASA code:
show run global

show run nat

show run static
If there are any related ACLs in the NAT statements get that configuration also by doing:
show run access-list | include [ACL-NAME]
Paste the output from the commands above into the text area and click convert. You should examine the results to verify the config is accurate.

Privacy Note: None of the data entered into the text area is uploaded to a server. All of the work of this tool is done on the client side. This means it’s safe to enter sensitive data without worrying about it traveling over the internet. You can even connect to this webpage, disconnect from internet and still use the conversion tool without any difference in functionality. 

Examples

Static NAT Examples:
static (INSIDE,OUTISDE) 55.55.55.2 192.168.1.2 netmask 255.255.255.255 
static (DMZ,OUTSIDE) tcp interface 8080 172.16.0.10 www netmask 255.255.255.255 
static (INSIDE,DMZ) 10.10.10.0 172.16.10.0 netmask 255.255.255.0 dns 
static (INSIDE,DMZ) 192.168.100.49 172.24.2.49 netmask 255.255.255.255 tcp 255 2000
static (INSIDE,EXT) 172.16.25.25 access-list ACL-NAT2
access-list ACL-NAT2 extended permit ip 192.168.29.0 255.255.255.0 host 10.1.25.205

*New* Global+NAT Example:
nat (INSIDE) 1 10.0.0.0 255.255.255.0
global (OUTSIDE) 1 interface
nat (INSIDE) 2 access-list ACL-NAT3
global (OUTSIDE) 2 22.22.22.128 netmask 255.255.255.128
access-list ACL-NAT3 standard permit host 33.33.33.33

*New* NAT Zero+ACL Example:
nat (INSIDE) 0 access-list ACL-NONAT
access-list ACL-NONAT extended permit ip 192.168.5.0 255.255.255.0 host 172.16.200.205
access-list ACL-NONAT extended permit ip any host 172.16.200.203 



Now Just Click on this link to convert your NAT configuration:

Cisco ASA NAT Conversion Tool


Comments

Popular posts from this blog

Download IOS Image for Router

tcpdumps in Checkpoint Firewall