Cisco ASA – Migrating and NAT in 8.3+

This course is designed to give students a solid overview of the new functionality that are introduced in the following platforms/code versions: Cisco ASA code version 8.3+ and 8.4+, and Cisco ASAx code version 8.6+.

The focus of the class is the redefined syntax for Network Address Translation. The student will learn what has changed in the newer code versions, and how to apply it to the everyday tasks that involve Network Address Translation.

No scheduled public classes.
Contact us to schedule a private delivery.
1 day / 8 hours
Delivery Format:
Physical Classroom
Virtual – Live delivery
Target Audience
  • Engineers who operate and deploy Cisco ASA or Cisco ASAx Platforms
  • Engineers who are migrating to Cisco ASA code versions 8.3+
  • Engineers who want to master Network Address Translation on new ASA code versions

Students should have prior exposure to working with Cisco ASA, ASAx, or PIX firewalls on code versions below 8.2.


By the end of class, the student will be able to:

  • List some of the new features added with code 8.3, 8.4, and 8.6.
  • Define, Configure, and Apply an Object
  • Define the methods of configuring NAT in 8.3+
  • List the scenarios when AutoNAT should be used
  • List the scenarios when Manual NAT should be used
  • Configure Static, Dynamic, Policy, and Identity NAT on 8.3+ code
  • Describe how NAT Priority works on 8.3+
  • Translate NAT commands from old code versions to 8.3+
  • Upgrade a firewall from old code versions to 8.3+


  • New Features of 8.3+ Code
    • Memory Requirements
    • Shared Licenses
    • IPv6 VPNs
    • IKEv2
    • TCP Ping
    • NAT Control
    • Global Access-Lists
    • Real IP addresses (vs Mapped IP Addresses)
  • Objects
    • What are Objects?
    • How are Objects used?
    • Configuring Network Objects
    • Configuring Service Objects
    • Using Objects
    • Combining Objects
  • Network Address Translation
    • Auto NAT
    • Manual NAT
    • NAT Precedence
    • Port Redirection
    • Old and New Comparison
      • Static NAT
      • Dynamic NAT
      • Port Translation
      • NAT Exemption (Identity NAT)
      • Policy NAT
    • Keywords
      • unidirectional
      • route-lookup
      • no-proxy-arp
  • Upgrading to 8.3+
    • Items to consider when upgrading to 8.3+
    • Downgrading