Reply
Highlighted
L0 Member
Posts: 2
Registered: ‎02-16-2015

Migration tool - Cisco ASA Dynamic IP instead of Dynamic IP and Port

We did a migration from an ASA config to PAN with the Migration tool 3.3.15 and we noticed the following.

 

Two rules from this ASA config:

- nat (DMZ,ISP) source dynamic PROXY public-ip 
- nat (DMZ-AP,WAN) source dynamic AP-NET interface 
 
proxy and public-ip are both /32 address objects.
ap-net is /24 address object.
 
The first rule is migrated to a source nat dynamic IP.
The second rule is migrated to a source nat dynamic IP and Port.
 
However the Cisco seems to treat the first rule as dynamic IP and Port. (Maybe a Cisco expert could elaborate)
So I would expect the migration tool to translate this to dynamic IP and Port.
 
Is this expected behavior or should this nat rule be translated to dynamic ip and port, since this is closer to what the Cisco seems doing?