wawa this is cisco book.

Cisco Support
English
Feedback Help

Browse
Cisco Support Community Topics Experts Events Community
Register Login
Cisco Support Community Security Firewalling NAT Configuration on an
ASA 5516X
Options
Search
Search the Community
Welcome to Cisco Support Community. We would love to have your feedback.
For an introduction to the new site, click here. If you'd prefer to explore, try
our test area to get started. And see here for current known issues.
BCS121157
BCS121157 New Member
?08-17-2015 12:27 PM
NAT Configuration on an ASA 5516X
We have a new ASA 5516X and I realize the NAT commands are different on version
9.4(1) and version 8.2 which is our old ASA 5510. I am unable to create the
commands for the following:

global (outside) 2 X.X.X.X (public IP address)

nat (inside) 0 access-list inside_tunnel_nat0
nat (inside) 2 X.X.0.0 255.255.0.0 (internal IP address )
nat (dmz) 0 access-list DMZ_NONAT

Using these commands I get the error message "this syntax of NAT command has been
deprecated"

Please advise. Thank you.

Firewalling
I have this problem too
0 Helpful
Reply
4 REPLIES
Jon Marshall
Hall of Fame Super Blue Jon Marshall Hall of Fame Super Blue Hall of Fame Super
Blue
?08-17-2015 01:11 PM
Yes, NAT has changed
Yes, NAT has changed significantly from 8.2.

You don't use acls anymore ie. your NAT exemptions are written differently now and
we would need to see the acls you have used.

However it may be better to just use this document which is a great overview of
post 8.3 NAT and covers all you need to know and the logic behind how the ASA does
NAT now which is quite different to what you are used to -
https://supportforums.cisco.com/document/132066/asa-nat-83-nat-operation-and-
configuration-format-cli

there are examples of most types of NAT including the ones you need but it is also
worth reading the sections part because that can have a big influence on whether
your configuration works as expected.

Obviously if still isn't clear or you need help anyway then just say.

Jon

0 Helpful
Reply
BCS121157
BCS121157 New Member
?08-17-2015 01:14 PM
Hi John, Thank you so much
Hi John,

Thank you so much for the speedy response. I will read the document. I believe I
have the first and third NAT configurations worked out. It's the second and fourth
NAT configurations that are giving me an issue. Tough to understand. Thanks
again.

0 Helpful
Reply
Jon Marshall
Hall of Fame Super Blue Jon Marshall Hall of Fame Super Blue Hall of Fame Super
Blue
?08-17-2015 01:18 PM
Okay couple of things -1) the
Okay couple of things -

1) the ones you worked out just pay attention in the document as to which section
to put them in because they can go in any of the sections and where you put them
can have an influence on everything else ie. sections are checked in order so you
could match the wrong NAT rule.

The recommendation in the document is to put the general rules in section 3 so all
the more specific rules in earlier sections are checked first.

2) the ones you haven't worked out. You won't be using acls. What you need to do is
define the objects for both the source network and the destination network and then
your NAT statement includes both objects.

Like I say the document gives an example but if you are unsure please come back for
help.

Jon

0 Helpful
Reply
BCS121157
BCS121157 New Member
?08-17-2015 01:20 PM
Thanks John, I will let you
Thanks John,

I will let you know how it turns out.

0 Helpful
Reply
Popular Documents
ASA NAT 8.3+ - NAT Operation and Configuration Format (CLI)
Created by Jouni Forss on 03-20-2013 12:55 PM
40 161
Table of ContentsIntroductionVersion HistoryPossible Future UpdatesDocuments
PurposeNAT Operation in ASA 8.3+ SectionsRule Types Network Object NATTwice NAT /
Manual NATRule Types used per SectionNAT Types used with Twice NAT / Manual NAT and
Network Obje... view more
How Does NAT-T work with IPSec?
Created by athukral on 05-23-2011 01:20 AM
22 145
Table of Contents Introduction:This document describes details on how NAT-T works.
Background: ESP encrypts all critical information, encapsulating the entire inner
TCP/UDP datagram within an ESP header. ESP is an IP protocol in the same sense that
TCP an... view more
ASA Pre-8.3 to 8.3 NAT configuration examples
Created by Magnus Mortensen on 05-12-2010 09:06 AM
52 86
Static NAT/PAT Pre-8.3 NAT8.3 NATRegular Static NAT static (inside,outside)
192.168.100.100 10.1.1.6 netmask 255.255.255.255 object network obj-10.1.1.6 host
10.1.1.6 nat (inside,outside) static 192.168.100.100 Regular Static PAT static
(inside,outside) t... view more
ALL DOCUMENTS
802
VIEWS
0
HELPFUL
4
REPLIES
Recommended
ASA NAT 8.3+ - NAT Operation and Config...
Jouni Forss Super Bronze
ASA 5516X Transparent Configuration Pro...
tosino489
ASA Bi-directional (overlapping) NAT ex...
Jay Johnston Silver
ASA Pre-8.3 to 8.3 NAT configuration ex...
Magnus Mortensen Silver
How to configure Policy NAT for VPN tra...
TCC_2 Gold
Popular Blogs
AnyConnect Certificate Based Authentication.
Created by Marvin Ruiz on 08-27-2012 05:20 PM
36 60
BLOG (No Title)
Created by Marcin Latosiewicz on 03-16-2012 06:26 AM
17 55
BLOG (No Title)
Created by athukral on 06-14-2011 04:23 AM
15 35
ALL BLOGS
Top
Powered by Lithium
Facebook Twitter Google + YouTube LinkedIn Instagram
Contacts
Feedback
Site Map
Terms & Conditions
Privacy Statement
Cookie Policy
Trademarks
Help
Copyright 2017 Cisco Systems Inc.
All rights reserved.