Cisco ASA NAT Conversion Tool

Cisco ASA NAT Conversion Tool

Do you need to convert ASA 8.2 and under the code to the new ASA 8.3+ code? The NAT statements are entirely different in the new code. During the upgrade, the ASA will try to convert it automatically but this is worthless because it does a horrible job at it. Cisco recommends using Auto NAT. This is also bad advice to use Auto NAT because it makes extremely ugly and hard to manage code. This conversion tool will convert your NAT statements to the easiest to read and manage code.

Preparing your code

Gather the output from the following commands in your old ASA code:
show run global

show run nat

show run static
If there are any related ACLs in the NAT statements get that configuration also by doing:
show run access-list | include [ACL-NAME]
Paste the output from the commands above into the text area and click convert. You should examine the results to verify the config is accurate.

Privacy Note: None of the data entered into the text area is uploaded to a server. All of the work of this tool is done on the client side. This means it’s safe to enter sensitive data without worrying about it traveling over the internet. You can even connect to this webpage, disconnect from internet and still use the conversion tool without any difference in functionality. 


Static NAT Examples:
static (INSIDE,OUTISDE) netmask 
static (DMZ,OUTSIDE) tcp interface 8080 www netmask 
static (INSIDE,DMZ) netmask dns 
static (INSIDE,DMZ) netmask tcp 255 2000
static (INSIDE,EXT) access-list ACL-NAT2
access-list ACL-NAT2 extended permit ip host

*New* Global+NAT Example:
nat (INSIDE) 1
global (OUTSIDE) 1 interface
nat (INSIDE) 2 access-list ACL-NAT3
global (OUTSIDE) 2 netmask
access-list ACL-NAT3 standard permit host

*New* NAT Zero+ACL Example:
nat (INSIDE) 0 access-list ACL-NONAT
access-list ACL-NONAT extended permit ip host
access-list ACL-NONAT extended permit ip any host 

Now Just Click on this link to convert your NAT configuration:

Cisco ASA NAT Conversion Tool


Popular posts from this blog

Download IOS Image for Router

tcpdumps in Checkpoint Firewall