error when applying nat & global

Unanswered Question
Jul 22nd, 2010

I am building fresh setup for an ASA and when trying to NAT & GLOBAL I get the following:

ciscoasa(config)# nat (inside) 1 0.0.0.0 0.0.0.0
ERROR: This syntax of nat command has been deprecated.
Please refer to "help nat" command for more details.
ciscoasa(config)#

ciscoasa(config)# global (outside) 1 interface
ERROR: This syntax of nat command has been deprecated.
Please refer to "help nat" command for more details.
ciscoasa(config)#

Here's the version info:

ciscoasa(config)# sh ver

Cisco Adaptive Security Appliance Software Version 8.3(1)
Device Manager Version 6.3(1)

Compiled on Thu 04-Mar-10 16:56 by builders
System image file is "disk0:/asa831-k8.bin"
Config file at boot was "startup-config"

I have Version 8.2(1) running elsewhere with no issues, is there anything different with Version 8.3(1)
Is the syntax no longer the same?

Please help

Thx

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
August Ritchie Thu, 07/22/2010 - 11:27

8.3 has had some radical changes in NAT and these commands are indeed not supported.

Magnus has created a great document on the conversion from pre-8.3 to 8.3

https://supportforums.cisco.com/docs/DOC-9129

So your config would look like so (from Magnus' doc):

 object network obj_any
   subnet 0.0.0.0 0.0.0.0
   nat (inside,outside) dynamic interface
ronshuster Thu, 07/22/2010 - 11:39

wow...that's quite a change!  Are these the only differences between 8.2 & 8.3 or are there more surprises?

Or did you only send the NAT & global changes?

I am not sure if I should stick with 8.3 or downgrade to 8.2 which I am more familiar with... any suggestions?

August Ritchie Thu, 07/22/2010 - 11:49

The new changes offer some new features in the nat functionality (The major one that I am excited about is static PAT for a range of ports instead of having to do one at a time)

The changes are radical at first, but after some time with 8.3, I'm beginning to see the benefit of what these NAT changes will bring.

The other major thing that was changed was the ability to do global access-list, which should allow for greater functionality.

I can't really tell you which OS version is best because it is dependent on your network scenario. I would urge you to read the 8.3 release notes and see if the functionality changes are something that you are interested in, then weigh whether or not 8.3 is a suitable fit for your implementation at this time.

http://ciscosystems.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html

More than just the nat/global has changed, all nat has been given an overhaul

ronshuster Thu, 07/22/2010 - 11:54

Thank you very much for your help!!!

August Ritchie Thu, 07/22/2010 - 13:55

Not a problem, it was my pleasure. Just let me know if that 8.3 nat solution works for you.

Actions

Login or Register to take actions

This Discussion

Posted July 22, 2010 at 11:17 AM
Stats:
Replies:5 Overall Rating:
Views:4921 Votes:0
Shares:0
Tags: No tags.
 

Discussions Leaderboard

Rank Username Points
1
Jouni Forss
8,441
2
Julio Carvajal
6,223
3
Jon Marshall
3,325
4
Marvin Rhoads
2,498
5
Marius Gunnerud
1,706
Rank Username Points
Jon Marshall
110
Marius Gunnerud
48
Andre Neethling
40
Karsten Iwen
35
Jouni Forss
35