07-22-2010 11:17 AM - edited 03-11-2019 11:15 AM
I am building fresh setup for an ASA and when trying to NAT & GLOBAL I get the following:
ciscoasa(config)# nat (inside) 1 0.0.0.0 0.0.0.0
ERROR: This syntax of nat command has been deprecated.
Please refer to "help nat" command for more details.
ciscoasa(config)#
ciscoasa(config)# global (outside) 1 interface
ERROR: This syntax of nat command has been deprecated.
Please refer to "help nat" command for more details.
ciscoasa(config)#
Here's the version info:
ciscoasa(config)# sh ver
Cisco Adaptive Security Appliance Software Version 8.3(1)
Device Manager Version 6.3(1)
Compiled on Thu 04-Mar-10 16:56 by builders
System image file is "disk0:/asa831-k8.bin"
Config file at boot was "startup-config"
I have Version 8.2(1) running elsewhere with no issues, is there anything different with Version 8.3(1)
Is the syntax no longer the same?
Please help
Thx
07-22-2010 11:27 AM
8.3 has had some radical changes in NAT and these commands are indeed not supported.
Magnus has created a great document on the conversion from pre-8.3 to 8.3
https://supportforums.cisco.com/docs/DOC-9129
So your config would look like so (from Magnus' doc):
object network obj_any subnet 0.0.0.0 0.0.0.0 nat (inside,outside) dynamic interface
07-22-2010 11:39 AM
wow...that's quite a change! Are these the only differences between 8.2 & 8.3 or are there more surprises?
Or did you only send the NAT & global changes?
I am not sure if I should stick with 8.3 or downgrade to 8.2 which I am more familiar with... any suggestions?
07-22-2010 11:49 AM
The new changes offer some new features in the nat functionality (The major one that I am excited about is static PAT for a range of ports instead of having to do one at a time)
The changes are radical at first, but after some time with 8.3, I'm beginning to see the benefit of what these NAT changes will bring.
The other major thing that was changed was the ability to do global access-list, which should allow for greater functionality.
I can't really tell you which OS version is best because it is dependent on your network scenario. I would urge you to read the 8.3 release notes and see if the functionality changes are something that you are interested in, then weigh whether or not 8.3 is a suitable fit for your implementation at this time.
http://ciscosystems.com/en/US/docs/security/asa/asa83/release/notes/asarn83.html
07-22-2010 11:54 AM
Thank you very much for your help!!!
07-22-2010 01:55 PM
Not a problem, it was my pleasure. Just let me know if that 8.3 nat solution works for you.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: