Re: ASA5505 - NAT Command Error (Packet Tracer)

VjXj27613 · ‎06-29-2019

Hi,

I'm following a Cisco tutorial for configuring an ASA5505 with a DMZ. Link to the tutorial below:

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/115904-asa-config-dmz-00.html

I've set it up and getting to Step 2 'Step 2 - Configure NAT to Access the Web Server from the Internet' I input the command:

 nat (dmz,outside) static webserver-external-ip service tcp www www

and it throws an error:

ciscoasa(config-network-object)#nat (dmz,outside) static webserver-external-ip service tcp www www
                                                              ^
% Invalid input detected at '^' marker.

I just can't work out what I'm doing wrong. I've follow the tutorial (only changing IP addresses slightly).

I'm running it on Packet Tracer 7.2.1.

With ASA 5505 - Cisco Adaptive Security Appliance Software Version 8.4(2)

If anyone is able to help that would be really appreciated.

Thanks

JORGE RODRIGUEZ · ‎06-29-2019

You are missing the <source> statement

e.g

 nat (dmz,outside) source static webserver-external-ip service tcp www www

Try the above and see how that works

you can always place a question mark to provide addition options

(config)# nat (dmz,outside) ?

<1-2147483647> Position of NAT rule within before auto section
after-auto Insert NAT rule after auto section
source Source NAT parameters

Jorge Rodriguez