02-22-2012 02:56 AM
Hi Guys,
I am not an expert in reading or understanding the Cisco ASA NAT rules and I have just started to feel comfortable with Palo Alto except for NAT rules. Can someone please guide me through on how to go around configuring the following Cisco ASA NAT rule onto the Palo Alto?
I have just taken a couple of rules to convert. Based on this, I would get the rest done on my own.
Following are the CISCO ASA NAT RULEs:
Rule 1 # access-list inside_nat0_outbound extended permit ip 10.1.2.0 255.255.255.0 10.1.250.128 255.255.255.128
Rule 2 # access-list inside_nat0_outbound extended permit ip EH_Staff_Network 255.255.255.0 10.1.250.128 255.255.255.128
I know the exact rule cannot be explained, but an overview on how to re-configure the above rules will be very helpful.
Many Thanks in Advance.
Regards,
Kal
02-28-2012 11:31 AM
The www.securlabs.net website is not affiliated with, endorsed or supported by Palo Alto Networks. Use of the site is at your own discretion and risk.
03-01-2012 05:45 AM
James,
This installation has been a disaster for me. Just could not understand how the Cisco ASA works in terms of VPN and NAT. Hence, I had to pull back and leave the network as it is.
03-01-2012 05:46 AM
Issues I had faced were:
a. We could access the Internet ONLY IF the Proxy settings were enabled on the web-browser (the settings for proxy were: IP address set to 10.1.30.8 on port 8080). If the proxy settings were disabled, we COULD NOT access the Internet. This meant, all those who were using the proxy settings were able to browse to the internet and administrators who do not use the Proxy, but go through their Cisco ASA, were unable to browse to the internet.
b. We were UNABLE to gain access to servers in DMZ (FYI, on a couple of occasions, we could access the DMZ, strange..!!!).
c. We could NOT send emails, but COULD receive emails.
03-01-2012 09:41 AM
I am sorry to hear that.
If you would like some assistance, you can contact me over PM.
03-01-2012 10:01 AM
Have you tried working with your SE to iron out the rules? Ours has been more than helpful with all of our deployments.
03-05-2012 02:16 AM
Prince,
I will be doing it again during this week. Hopefully it goes well.