error when applying nat & global

Unanswered Question
Jul 22nd, 2010

I am building fresh setup for an ASA and when trying to NAT & GLOBAL I get the following:

ciscoasa(config)# nat (inside) 1
ERROR: This syntax of nat command has been deprecated.
Please refer to "help nat" command for more details.

ciscoasa(config)# global (outside) 1 interface
ERROR: This syntax of nat command has been deprecated.
Please refer to "help nat" command for more details.

Here's the version info:

ciscoasa(config)# sh ver

Cisco Adaptive Security Appliance Software Version 8.3(1)
Device Manager Version 6.3(1)

Compiled on Thu 04-Mar-10 16:56 by builders
System image file is "disk0:/asa831-k8.bin"
Config file at boot was "startup-config"

I have Version 8.2(1) running elsewhere with no issues, is there anything different with Version 8.3(1)
Is the syntax no longer the same?

Please help


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
August Ritchie Thu, 07/22/2010 - 11:27

8.3 has had some radical changes in NAT and these commands are indeed not supported.

Magnus has created a great document on the conversion from pre-8.3 to 8.3

So your config would look like so (from Magnus' doc):

 object network obj_any
   nat (inside,outside) dynamic interface
ronshuster Thu, 07/22/2010 - 11:39

wow...that's quite a change!  Are these the only differences between 8.2 & 8.3 or are there more surprises?

Or did you only send the NAT & global changes?

I am not sure if I should stick with 8.3 or downgrade to 8.2 which I am more familiar with... any suggestions?

August Ritchie Thu, 07/22/2010 - 11:49

The new changes offer some new features in the nat functionality (The major one that I am excited about is static PAT for a range of ports instead of having to do one at a time)

The changes are radical at first, but after some time with 8.3, I'm beginning to see the benefit of what these NAT changes will bring.

The other major thing that was changed was the ability to do global access-list, which should allow for greater functionality.

I can't really tell you which OS version is best because it is dependent on your network scenario. I would urge you to read the 8.3 release notes and see if the functionality changes are something that you are interested in, then weigh whether or not 8.3 is a suitable fit for your implementation at this time.

More than just the nat/global has changed, all nat has been given an overhaul

August Ritchie Thu, 07/22/2010 - 13:55

Not a problem, it was my pleasure. Just let me know if that 8.3 nat solution works for you.


This Discussion