Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2451
Views
15
Helpful
7
Replies

Need help ASA configuration ( nat inside and outside)

itcisco2015
Level 1
Level 1

‎10-10-2020 06:00 AM

Dear Sir or Madam,

 

Itried to do some lab at home and, I got below an error message ASA nat inside and outside configuration. Could you please see the attached and help me.

ASA-FW(config-network)# subnet 10.10.1.0 255.255.255.0
^
ERROR: % Invalid input detected at '^' marker.
ASA-FW(config-network)# nat (inside, outside) dynamic interface
^

Thank you so much for your time and help.

Labels:
Preview file
18 KB
0 Helpful
7 Replies 7

Sheraz.Salim
VIP
VIP

‎10-10-2020 09:21 AM - edited ‎10-10-2020 11:07 AM

HI you running an old code 8.2 on 5505 but the software 8.2 and 5505 are EOL. the NAT command you trying to put in it will not work. as post 8.4 the unified NAT was introduced. what you trying to configue is a unified nat this was introuduced in post 8.4 on wards. please consider upgrading the software to 9.1.7

 

you need to upgrade your unit to least 8.4 also to noted i think for 5505 you can only upgrade the software to 9.1.7

here is the link

https://software.cisco.com/download/home/280582808/type/280775065/release/9.1.7%20Interim

 

please do not forget to rate.
0 Helpful

itcisco2015
Level 1
Level 1
In response to Sheraz.Salim

‎10-14-2020 01:49 PM

Thank you for helping me to get this.
0 Helpful

itcisco2015
Level 1
Level 1
In response to Sheraz.Salim

‎10-14-2020 02:24 PM

Hi Sheraz,

Thank you for your help. I won't be able to update IOS.

Thank you,
Zam Mang
0 Helpful

Aref Alsouqi
VIP
VIP

‎10-11-2020 10:54 AM

If you want to configure PAT on the ASA running pre 8.3 code, you should use the following syntax:

nat (inside) 1 10.10.1.0 255.255.255.0

global (outside) 1 interface

itcisco2015
Level 1
Level 1
In response to Aref Alsouqi

‎10-14-2020 02:23 PM

Thank you for helping to this issues. I did the command but there was no internet access. When I connect the inside it had DHCP ip address but there was no still internet connection.

Thank you,
Zam mang
0 Helpful

Marius Gunnerud
VIP
VIP
In response to itcisco2015

‎10-15-2020 05:35 AM - edited ‎10-15-2020 05:36 AM

How are you testing internet connectivity?  If you are just testing with ping then you need to the following commands (this is for through the box traffic):

policy-map global_policy

 class inspection_default

 inspect icmp

 

You said you are unable to ping the inside interface of the ASA from MainRouter, this is to be expected. You will not be able to ping an interface on the ASA that is not the ingress interface.  You will need to test by pinging a device that connects to the inside interface, for example a switch.

You also mention that you are unable to ping 192.168.1.1, though I do not see this IP configured on your router (which has 192.168.200 configured), is this an IP of a different device?

Keep in mind also that MainRouter has no knowledge of the 10.10.1.0/24 network which is the subnet connected to your ASA inside interface, you need to add routing on the MainRouter if it is to be able to reach this network.

--
Please remember to select a correct answer and rate helpful posts

Marius Gunnerud
VIP
VIP

‎10-12-2020 02:38 AM

Aref is correct here.  For dynamic NAT he has provided the correct solution.  If, however, you want to configure a static NAT the you would need to use the following format when using the 8.2 version.

 with the format:  real int | NAT int | NAT IP | NAT port  | real IP | NAT port

static (inside,outside) tcp 1.1.1.1 10000 10.10.1.2 80 netmask 255.255.255.255

--
Please remember to select a correct answer and rate helpful posts
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card