Static natting in ASA

Ravichandra T · ‎02-07-2014

Hi,

Am replacing the Pix 515E firewall with a ASA 5515 firewall. When givingthe below commands:

nat-control

global (dmz) 1 interface

nat (inside) 1 10.1.11.0 255.255.255.0

static (inside,dmz) 172.19.176.91 10.1.11.41 netmask 255.255.255.255

static (inside,dmz) 172.19.176.72 10.1.11.8 netmask 255.255.255.255

static (inside,dmz) 172.19.176.73 10.1.11.9 netmask 255.255.255.255

It displays error:

ERROR: This syntax of nat command has been deprecated.

Please refer to "help nat" command for more details.

Suggest how to enable Nat for the above. Thanks in advance.

Regards,

Ravic.

Ravichandra T · ‎02-07-2014

Forgot to mention ASA holds Cisco Adaptive Security Appliance Software Version 8.6(1)2.

Marius Gunnerud · ‎02-08-2014

The NAT configuration is changed as of version 8.3 and is based on group objectes.

here is a good overview of the differences between pre 8.3 and post 8.3

To get your NAT config working you would need to enter the following commands, feel free to change the object group names

object network LAN

subnet 10.1.11.0 255.255.255.0

nat (inside,dmz) dynamic interface

object network SERVER1

host 10.1.11.41

nat (inside,dmz) static 172.19.176.91

object network SERVER2

host 10.1.11.8

nat (inside,dmz) static 172.19.176.72

object network SERVER3

host 10.1.11.9

nat (inside,dmz) static 172.19.176.73

--
Please remember to rate and select a correct answer

--
Please remember to select a correct answer and rate helpful posts