Only 2 security rules modified by NAT rule?

L1 Bithead

Only 2 security rules modified by NAT rule?

I have imported an ASA configuration and for 2 security rules I see the information message that the NAT rule modified the destination address of the security rule, however, it only did this on the DMZ zone for 2 addresses and not the inside zone. Is there anything we can do to make the MT change all destination addresses for security rules that have NAT? Here is a screen capture of my message:

 

MT-message.PNG

L7 Applicator

Re: Only 2 security rules modified by NAT rule?

We are currently checking if the objects used in the DNAT are the same as those used as a destination on the security rule. If the objects match then we replace them. If you are using IP addresses in the rules and objects in NAT then they will not match and the tool will not be able to replace them. We will improve this in 4.0 to check IP addresses instead.
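
An illustration of the difference described in the reply above, added here and not the migration tool's own code: matching NAT and security rule destinations by object name versus by resolved address. The object names, addresses, rule layout and the direction of replacement (translated destination swapped for the original one) are assumptions constructed for the example.

```python
import ipaddress

# Constructed sample data (not from the thread): address objects, one DNAT rule,
# and three security rules, two of which point at the same translated server.
OBJECTS = {"web-real": "10.1.1.10/32", "web-public": "203.0.113.10/32"}
DNAT_RULES = [{"name": "nat-web", "original_dst": "web-public",
               "translated_dst": "web-real"}]
SECURITY_RULES = [
    {"name": "dmz-by-object", "dst": "web-real"},   # references the object
    {"name": "inside-by-ip", "dst": "10.1.1.10"},   # same host, literal IP
    {"name": "unrelated", "dst": "10.9.9.9"},
]

def resolve(ref):
    """Return the network a destination refers to (object name or literal IP)."""
    return ipaddress.ip_network(OBJECTS.get(ref, ref), strict=False)

def rewrite_by_name(rules, nats):
    """Name comparison: only rules using the same object as the NAT rule match."""
    out = {}
    for r in rules:
        hit = next((n for n in nats if n["translated_dst"] == r["dst"]), None)
        out[r["name"]] = hit["original_dst"] if hit else r["dst"]
    return out

def rewrite_by_value(rules, nats):
    """Value comparison: resolve both sides to networks before comparing."""
    out = {}
    for r in rules:
        hit = next((n for n in nats
                    if resolve(n["translated_dst"]) == resolve(r["dst"])), None)
        out[r["name"]] = hit["original_dst"] if hit else r["dst"]
    return out

def missed_by_name(rules, nats):
    """Rules a name-only comparison leaves untouched although addresses match."""
    by_name = rewrite_by_name(rules, nats)
    by_value = rewrite_by_value(rules, nats)
    return sorted(k for k in by_name if by_name[k] != by_value[k])

if __name__ == "__main__":
    print("by name: ", rewrite_by_name(SECURITY_RULES, DNAT_RULES))
    print("by value:", rewrite_by_value(SECURITY_RULES, DNAT_RULES))
    print("review manually:", missed_by_name(SECURITY_RULES, DNAT_RULES))
```

The list returned by `missed_by_name` is the set of rules to review by hand after a migration that only compares object names.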
