Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
12105
Views
0
Helpful
5
Replies

error when applying nat & global

ronshuster
Level 1
Level 1

‎07-22-2010 11:17 AM - edited ‎03-11-2019 11:15 AM

I am building fresh setup for an ASA and when trying to NAT & GLOBAL I get the following:

ciscoasa(config)# nat (inside) 1 0.0.0.0 0.0.0.0
ERROR: This syntax of nat command has been deprecated.
Please refer to "help nat" command for more details.
ciscoasa(config)#

ciscoasa(config)# global (outside) 1 interface
ERROR: This syntax of nat command has been deprecated.
Please refer to "help nat" command for more details.
ciscoasa(config)#

Here's the version info:

ciscoasa(config)# sh ver

Cisco Adaptive Security Appliance Software Version 8.3(1)
Device Manager Version 6.3(1)

Compiled on Thu 04-Mar-10 16:56 by builders
System image file is "disk0:/asa831-k8.bin"
Config file at boot was "startup-config"

I have Version 8.2(1) running elsewhere with no issues, is there anything different with Version 8.3(1)
Is the syntax no longer the same?

Please help

Thx

Labels:
0 Helpful
5 Replies 5

August Ritchie
Level 1
Level 1

‎07-22-2010 11:27 AM

8.3 has had some radical changes in NAT and these commands are indeed not supported.

Magnus has created a great document on the conversion from pre-8.3 to 8.3

https://supportforums.cisco.com/docs/DOC-9129

So your config would look like so (from Magnus' doc): 

 object network obj_any
   subnet 0.0.0.0 0.0.0.0
   nat (inside,outside) dynamic interface

0 Helpful

ronshuster
Level 1
Level 1
In response to August Ritchie

‎07-22-2010 11:39 AM

wow...that's quite a change!  Are these the only differences between 8.2 & 8.3 or are there more surprises?

Or did you only send the NAT & global changes?

I am not sure if I should stick with 8.3 or downgrade to 8.2 which I am more familiar with... any suggestions?

0 Helpful

August Ritchie
Level 1
Level 1
In response to ronshuster

‎07-22-2010 11:49 AM

The new changes offer some new features in the nat functionality (The major one that I am excited about is static PAT for a range of ports instead of having to do one at a time)

The changes are radical at first, but after some time with 8.3, I'm beginning to see the benefit of what these NAT changes will bring.

The other major thing that was changed was the ability to do global access-list, which should allow for greater functionality.

I can't really tell you which OS version is best because it is dependent on your network scenario. I would urge you to read the 8.3 release notes and see if the functionality changes are something that you are interested in, then weigh whether or not 8.3 is a suitable fit for your implementation at this time.

http://ciscosystems.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html

More than just the nat/global has changed, all nat has been given an overhaul

0 Helpful

ronshuster
Level 1
Level 1
In response to August Ritchie

‎07-22-2010 11:54 AM

Thank you very much for your help!!!

0 Helpful

August Ritchie
Level 1
Level 1
In response to ronshuster

‎07-22-2010 01:55 PM

Not a problem, it was my pleasure. Just let me know if that 8.3 nat solution works for you.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card