Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
444
Views
0
Helpful
2
Replies

ASA5520 v8.2 to v9.1 Dynamic NAT help

moored
Level 1
Level 1

‎02-02-2014 02:23 AM - edited ‎03-04-2019 10:14 PM

I need to allow internal hosts that do not have a public static IP to be able to communicate with internet hosts, ie download software from the Internet

My public address range is 122.252.14.240/28

My internal IP address range is 192.168.100.0/24

The ASA5520 is on 192.168.100.254

This is the nat rule I have in an older ASA5510 software version

ASA Version 8.2(1)

global (outside1) 1 interface
nat (Inside1) 1 INT_Net 255.255.255.0
access-group outside in interface outside1
route outside1 0.0.0.0 0.0.0.0 122.252.14.241 1

I am commissioning an ASA5520 The ASA Version is 9.1(4)

When I run: global (outside1) 1 interface

I am getting
ERROR: This syntax of nat command has been deprecated.

can somebody help me re write this rule.

Labels:
0 Helpful
2 Replies 2

Jon Marshall
Hall of Fame
Hall of Fame

‎02-02-2014 03:06 AM

David

You may want to look at the document link at the bottom which gives all the examples of how to configure 8.3 NAT onwards. You can download the pictures section separately and it gives specific examples. When you configure with the new NAT you need to configure it all in one because of the way it groups it together in the configuration.

What i mean by this is that you should not reference your existing INT_Net as it would not be grouped with the rest of the specific NAT configuration.

There are basically two ways to configure what you are trying to do but you should read the document because depending on the other NAT on your ASA you might need to use one or the other ie. section 1 dynamic PAT or section 3 dynamic PAT.

Section 1

=======

object network

network 192.168.100.0 255.255.255.0

nat (inside,outside) dynamic interface

Section 3

=======

object-group network

network-object 192.168.100.0 255.255.255.0

nat (inside,outside) after-auto source dynamic interface

either may be alright for you but worth reading the document to get an idea of how it all works -

https://supportforums.cisco.com/docs/DOC-31116

Jon

0 Helpful

moored
Level 1
Level 1
In response to Jon Marshall

‎02-02-2014 03:28 AM

Thanks for the reply, I tried option 1 to start with and it seems to work ok.

I made a small change as I got an error:

network 192.168.100.0 255.255.255.0

changes to:

subnet 192.168.100.0 255.255.255.0

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card