{"id":1057,"date":"2014-10-01T22:41:16","date_gmt":"2014-10-01T21:41:16","guid":{"rendered":"http:\/\/diablo.craem.net\/?p=1057"},"modified":"2014-10-01T22:41:16","modified_gmt":"2014-10-01T21:41:16","slug":"cisco-asa-8-2-to-9-x-migrando-parte-2","status":"publish","type":"post","link":"https:\/\/diablo.craem.net\/?p=1057","title":{"rendered":"Cisco ASA 8.2 to 9.x :: migrando :: parte 2"},"content":{"rendered":"

En esta ocasi\u00f3n, me toca migrar tema NAT.
\nSupongamos que tenemos nuestra red local 192.168.2.0\/24 y un rango de ip’s p\u00fablicas, por ejemplo 1.1.1.0\/29.
\nLo m\u00e1s l\u00f3gico, es NATear 1:1, es decir, una ip privada de la red, contra una ip p\u00fablica y permitir \/ denegar tr\u00e1fico mediante ACL….. por defecto, est\u00e1 todo cerrado excepto, lo que nosotros permitimos…
\nconfiguraci\u00f3n en asa 8.2.5… ip privada 192.168.2.2, nateada contra la p\u00fablica 1.1.1.2 y permitimos 25 y 443 tcp.
\n
\nstatic (inside,outside) 1.1.1.2 192.168.2.2 netmask 255.255.255.255
\naccess-list outside_in permit tcp any host 1.1.1.2 eq 25
\naccess-list outside_in permit tcp any host 1.1.1.2 eq 443
\naccess-group outside_in in interface outside
\n<\/code>
\nAhora toca migrar la config a versi\u00f3n 9.x:
\n
\nobject network poseidon
\n host 192.168.2.2
\n nat (inside,outside) static 172.26.2.2
\naccess-list outside_in extended permit tcp any object poseidon eq 443
\naccess-list outside_in extended permit tcp any object poseidon eq 25
\naccess-group outside_in in interface outside
\n<\/code>
\nPrimero toca definir el objeto, aplicamos la regla al object y finalmente, el grupo de reglas al interface que toca.<\/p>\n","protected":false},"excerpt":{"rendered":"

En esta ocasi\u00f3n, me toca migrar tema NAT. Supongamos que tenemos nuestra red local 192.168.2.0\/24 y un rango de ip’s p\u00fablicas, por ejemplo 1.1.1.0\/29. Lo m\u00e1s l\u00f3gico, es NATear 1:1, es decir, una ip privada de la red, contra una ip p\u00fablica y permitir \/ denegar tr\u00e1fico mediante ACL….. por defecto, est\u00e1 todo cerrado excepto, […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[44,119],"class_list":["post-1057","post","type-post","status-publish","format-standard","hentry","category-sin-categoria","tag-cisco-asa","tag-nat"],"_links":{"self":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/posts\/1057","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1057"}],"version-history":[{"count":0,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/posts\/1057\/revisions"}],"wp:attachment":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1057"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1057"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1057"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}