08-17-2015 12:27 PM - last edited on 03-25-2019 05:56 PM by ciscomoderator
We have a new ASA 5516X and I realize the NAT commands are different on version 9.4(1) and version 8.2 which is our old ASA 5510. I am unable to create the commands for the following:
global (outside) 2 X.X.X.X (public IP address)
nat (inside) 0 access-list inside_tunnel_nat0
nat (inside) 2 X.X.0.0 255.255.0.0 (internal IP address )
nat (dmz) 0 access-list DMZ_NONAT
Using these commands, I get the error message "this syntax of NAT command has been deprecated".
Please advise. Thank you.
08-17-2015 01:11 PM
Yes, NAT has changed significantly from 8.2.
You don't use ACLs anymore, i.e. your NAT exemptions are written differently now, and we would need to see the ACLs you have used.
However it may be better to just use this document which is a great overview of post 8.3 NAT and covers all you need to know and the logic behind how the ASA does NAT now which is quite different to what you are used to -
There are examples of most types of NAT, including the ones you need, but it is also worth reading the sections part because that can have a big influence on whether your configuration works as expected.
Obviously if it still isn't clear or you need help anyway then just say.
Jon
08-17-2015 01:14 PM
Hi John,
Thank you so much for the speedy response. I will read the document. I believe I have the first and third NAT configurations worked out. It's the second and fourth NAT configurations that are giving me an issue. Tough to understand. Thanks again.
08-17-2015 01:18 PM
Okay, a couple of things -
1) The ones you worked out: just pay attention in the document as to which section to put them in, because they can go in any of the sections and where you put them can have an influence on everything else, i.e. sections are checked in order so you could match the wrong NAT rule.
The recommendation in the document is to put the general rules in section 3 so all the more specific rules in earlier sections are checked first.
2) The ones you haven't worked out. You won't be using ACLs. What you need to do is define the objects for both the source network and the destination network and then your NAT statement includes both objects.
Like I say, the document gives an example, but if you are unsure please come back for help.
Jon
08-17-2015 01:20 PM
Thanks John,
I will let you know how it turns out.
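An added example, not part of the original thread, showing how the four 8.2 commands from the first post could look in post-8.3 syntax, with the exemptions in section 1 and the general PAT rule in section 3 as the replies describe. The object names, the Y.Y.Y.0 and Z.Z.Z.0 placeholder networks, and the (dmz,outside) interface pair are assumptions, because the ACLs inside_tunnel_nat0 and DMZ_NONAT were never posted.

```cisco
! Constructed objects: names and the Y.Y.Y.0 / Z.Z.Z.0 placeholders are assumptions.
! X.X.0.0 and X.X.X.X are the placeholders used in the original post.
object network INSIDE-NET
 subnet X.X.0.0 255.255.0.0
object network DMZ-NET
 subnet Z.Z.Z.0 255.255.255.0
object network REMOTE-VPN-NET
 subnet Y.Y.Y.0 255.255.255.0
object network PAT-PUBLIC
 host X.X.X.X
!
! Section 1 (manual NAT, checked first): NAT exemption.
! Source and destination objects replace the ACL of
!   nat (inside) 0 access-list inside_tunnel_nat0
nat (inside,outside) source static INSIDE-NET INSIDE-NET destination static REMOTE-VPN-NET REMOTE-VPN-NET no-proxy-arp route-lookup
!
! Same pattern for
!   nat (dmz) 0 access-list DMZ_NONAT
! (egress interface assumed to be outside)
nat (dmz,outside) source static DMZ-NET DMZ-NET destination static REMOTE-VPN-NET REMOTE-VPN-NET no-proxy-arp route-lookup
!
! Section 3 (after-auto, checked last): general dynamic PAT replacing
!   global (outside) 2 X.X.X.X
!   nat (inside) 2 X.X.0.0 255.255.0.0
nat (inside,outside) after-auto source dynamic INSIDE-NET PAT-PUBLIC
```

`show nat detail` lists the rules by section with hit counts, which shows whether tunnel traffic is matching the exemption before it reaches the PAT rule.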