{"id":953,"date":"2013-11-24T10:09:11","date_gmt":"2013-11-24T09:09:11","guid":{"rendered":"http:\/\/diablo.craem.net\/wordpress\/?p=953"},"modified":"2013-11-24T10:09:11","modified_gmt":"2013-11-24T09:09:11","slug":"cisco-asa-8-2-to-9-x-migrando-parte-1","status":"publish","type":"post","link":"https:\/\/diablo.craem.net\/?p=953","title":{"rendered":"Cisco ASA 8.2 to 9.x :: migrando :: parte 1"},"content":{"rendered":"<p>Hace poco me decid\u00ed\u00ad a probar la versi\u00f3n 8.4 de asa y la reci\u00e9n horneada 9.1.3 pero mi sorpresa al migrar desde la 8.2, es que todo el tema de nat, cambia por completo&#8230; ahora tiene m\u00e1s opciones.<br \/>\nTenemos un equipo con la 192.168.2.2 y lo queremos natear a la p\u00fablica 172.26.2.2&#8230; empezamos con el pix\/asa 7.2.x \/ 8.x:<br \/>\n<code><br \/>\nstatic (inside,outside) 172.26.2.2 192.168.2.2 netmask 255.255.255.255<br \/>\n<\/code><br \/>\nCon esta entrada, nateamos la ip privada 192.168.2.2  a la p\u00fablica 172.26.2.2, esto en nuestro asa 7.2.x hasta la 8.2.5.<br \/>\nSi queremos hacer lo mismo en una versi\u00f3n m\u00e1s nueva.. 8.4 o superior, deber\u00e1 ser as\u00ed\u00ad:<br \/>\nprimero definimos el objeto:<br \/>\n<code><br \/>\nobject network poseidon<br \/>\n host 192.168.2.2<br \/>\n<\/code><br \/>\nY seguimos:<br \/>\n<code><br \/>\nobject network poseidon<br \/>\n nat (inside,outside) static 172.26.2.2<br \/>\n<\/code><br \/>\nLas access-list, quedan igual&#8230; con esto, ya tenemos solucionado el primer paso, que es crear las publicaciones.<br \/>\nDonde antes ten\u00ed\u00adamos el nat global y dem\u00e1s hist\u00f3rias :<br \/>\n<code><br \/>\nnat (inside) 1 192.168.2.0 255.255.255.0<br \/>\nglobal (outside) 1 interface<br \/>\n<\/code><br \/>\nahora ser\u00e1 as\u00ed\u00ad:<br \/>\n<code><br \/>\nobject network red_local<br \/>\n subnet 192.168.2.0 255.255.255.0<br \/>\nobject network red_local<br \/>\n nat (inside,outside) dynamic interface<br \/>\n<\/code><br \/>\nY la excepci\u00f3n de nat&#8230;. por ejemplo, quiero evitar el nat de la 192.168.2.0\/24 a la 10.0.0.0\/8 (red Guifi); en el asa 7.2 es as\u00ed\u00ad:<br \/>\n<code><br \/>\naccess-list 100 permit ip 192.168.2.0 255.255.255.0 10.0.0.0 255.0.0.0<br \/>\nnat (inside) 0 access-list 100<br \/>\n<\/code><br \/>\nY nos queda tal que:<br \/>\n<code><br \/>\nobject network redLocal<br \/>\n  subnet 192.168.2.0 255.255.255.0<br \/>\nobject network redGuifi<br \/>\n  subnet 10.0.0.0 255.255.255.0<br \/>\nnat (inside,any) source static redLocal redLocal destination static redGuifi redGuifi no-proxy-arp<br \/>\n<\/code><br \/>\nCon esto ya tenemos la primera parte &#8230;. enjoy \ud83d\ude42<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hace poco me decid\u00ed\u00ad a probar la versi\u00f3n 8.4 de asa y la reci\u00e9n horneada 9.1.3 pero mi sorpresa al migrar desde la 8.2, es que todo el tema de nat, cambia por completo&#8230; ahora tiene m\u00e1s opciones. Tenemos un equipo con la 192.168.2.2 y lo queremos natear a la p\u00fablica 172.26.2.2&#8230; empezamos con el [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[26,27,44],"class_list":["post-953","post","type-post","status-publish","format-standard","hentry","category-cisco","tag-asa-9","tag-asdm","tag-cisco-asa"],"_links":{"self":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/posts\/953","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=953"}],"version-history":[{"count":0,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=\/wp\/v2\/posts\/953\/revisions"}],"wp:attachment":[{"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=953"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=953"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/diablo.craem.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=953"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}