Mar 01

ASA 8.3/8.4 NAT Migration Lab Guide

Lets reinvents the wheel. Just to add a bit more fun to NAT, Cisco now a new (third) way to configure NAT on the Cisco devices. Yes, third as its already a bit different for configuring NAT on Rotuers, different on ASA pre 8.2 and here we are with NAT on ASA 8.3/8.4. I am using version 8.4 so to be precise it will be ASA 8.4 NAT configuration example. This new NAT configuration is now around for more than a year but migrating from old to new depends how complex your configuration is.

Now I am trying to keep things simple as I can, not because you will understand it easily but because I will confuse myself if I made it too complex. I will be starting a series of posts where I will explain NAT migration from old version to new step by step and I will use this post as an index of labs which tests and explains each NAT type.

We will have our labs on the following pattern

Lab 1.0 – Dynamic NAT/PAT Overload

Lab 1.1 – Dynamic Policy NAT

Lab 1.2 – Dynamic NAT/PAT, Dynamic NAT/PAT Interface Overload,

Dynamic Policy NAT/PAT Combined

Lab 1.3 – Static NAT, Static Policy NAT, Staic NAT with Port Translation, Many to Many Static NAT

Lab 1.4 – Double NAT/Source Destination NAT 

Let start, but before we do that we need GNS3. I have a lab where I can do all this stuff but why bother when you can do all your labs in GNS3. Now, getting router working in GNS3 is simple enough but ASA a bit tricky but anyway I will explain, add links to get both router and ASA configured in GNS3.

GNS3 Configuration

1. Download GNS3 from http://www.gns3.net/download/. I am using Version GNS3 v0.8.2 BETA2 all-in-one.
2. After installation, download the router image from Cisco Website or any other source you have. I am using Router Image 7200 Series. The 7200 image is very much stable and never had any issue with it. Exact Version info – Cisco IOS Software, 7200 Software (C7200-ADVENTERPRISEK9-M), Version 12.4(24)T6, RELEASE SOFTWARE (fc2)

3. Add this image to GNS3. Place a single router on the GNS worksheet and start the router, get the idle PC value and set it for the router. Its very important as with every router added, its going to slow down the system. ASA is specifically very bad and going to spike your RAM and CPU usage.

4. Configure the ASA in GNS as detailed in the post below


Now you are ready to go and have a look at the labs.

