i face a [roblem regarding the NAT configuration when i gave command
its gives error
ERROR: This syntax of nat command has been deprecated.
Please refer to "help nat" command for more details.
please resolve this issue and i also send the sh version below
ciscoasa(config)# sh version
Cisco Adaptive Security Appliance Software Version 8.4(2)
Compiled on Wed 15-Jun-11 18:17 by builders
System image file is "Unknown, monitor mode tftp booted image"
Config file at boot was "startup-config"
ciscoasa up 17 mins 53 secs
Hardware: ASA 5520, 1024 MB RAM, CPU Pentium II 1000 MHz
Internal ATA Compact Flash, 256MB
BIOS Flash unknown @ 0x0, 0KB
0: Ext: GigabitEthernet0 : address is 00ab.cd92.5200, irq 0
1: Ext: GigabitEthernet1 : address is 00ab.cd92.5201, irq 0
2: Ext: GigabitEthernet2 : address is 0000.ab80.9802, irq 0
3: Ext: GigabitEthernet3 : address is 0000.ab1e.5c03, irq 0
4: Ext: GigabitEthernet4 : address is 0000.ab78.3a04, irq 0
5: Ext: GigabitEthernet5 : address is 0000.ab58.eb05, irq 0
Licensed features for this platform:
Maximum Physical Interfaces : Unlimited perpetual
Maximum VLANs : 100 perpetual
Inside Hosts : Unlimited perpetual
Failover : Disabled perpetual
VPN-DES : Disabled perpetual
VPN-3DES-AES : Disabled perpetual
Security Contexts : 0 perpetual
GTP/GPRS : Disabled perpetual
AnyConnect Premium Peers : 5000 perpetual
AnyConnect Essentials : Disabled perpetual
Other VPN Peers : 5000 perpetual
Total VPN Peers : 0 perpetual
Shared License : Disabled perpetual
AnyConnect for Mobile : Disabled perpetual
AnyConnect for Cisco VPN Phone : Disabled perpetual
Advanced Endpoint Assessment : Disabled perpetual
UC Phone Proxy Sessions : 2 perpetual
Total UC Proxy Sessions : 2 perpetual
Botnet Traffic Filter : Disabled perpetual
Intercompany Media Engine : Disabled perpetual
This platform has an ASA 5520 VPN Plus license.
Serial Number: 123456789AB
Running Permanent Activation Key: 0x00000000 0x00000000 0x00000000 0x00000000 0x00000000
Configuration register is 0x0
Configuration last modified by enable_15 at 07:08:48.239 UTC Fri Oct 17 2014
Thanks and Regards
This command was only supported in software levels 8.2 and below. Since software level 8.3 the ASAs have had a new NAT configuration format and in that instance also this command has been removed.
So in short you can not use this command anymore because you are already running a newer software level.
I am not sure what you mean? If you mean a replacing command for this then there is none. The whole concept of NAT Control has been removed.
If you mean information about the new configuration format then you should have a look at the ASA Configurations Guide and Command Reference that can be found online.
You can read some about the new NAT configuration format from a document I wrote in 2013 that can be found here
You can also check this document which provides examples comparing the same NAT configuration in the old format and in the new format
no i dont want to replace with the old nat i just have the new firewall and want to trffice from outside to dmz and dmz to inside
Your original question was with regards to the ERROR message that ASA gave. This was due to using an old command that is not supported in your ASAs software.
For us to be able to help you at all with any possible configurations or configurations task we would need specific information what you are attempting to do. The above explanation does not tell me anything.
Are you using the DMZ proxy server on all the clients manually so that they send the traffic there ?
If yes , i think you only need a Dynamic NAT on the ASA device from DMZ to the Outside.
For communication between DMZ and Outside , you would need a Static NAT on the ASA device.
For communication between DMZ and inside , you shouldn't need any NAT statements.
You can refer to this document for more details:-
Let me know if you have any queries.
Thanks and Regards,