ASA 9.1(6) New NAT

Used to be, I could connect to the internet with a few commands.

object-group network 100AcreWood
  network-object 10.x.x.0 255.255.255.0
ip address outside 50.x.x.x 255.255.255.248
ip address inside 10.x.x.1 255.255.255.0
global (outside) 10 interface
nat (inside) 10 10.x.x.x 255.255.255.0 0 0
route outside 0.0.0.0 0.0.0.0 50.x.x.x 1
access-list inside_access_in permit ip object-group 100AcreWood any

Now on 9.1(6) I'm getting NAT deprecated & Global Deprecated. Now that everything needs to be under a network object and I cannot make it work.
LVL 1
JeffDeveloperAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Jan SpringerCommented:
For layer 2 interface 5505-type devices:

object-group network 100AcreWood
  network-object 10.x.x.0 255.255.255.0
  nat (inside,outside) dynamic interface    

int e0/0
  switchport access vlan 2

int vlan 2
  ip address outside 50.x.x.x 255.255.255.248

int vlan 1
  ip address inside 10.x.x.1 255.255.255.0

route outside 0.0.0.0 0.0.0.0 50.x.x.x 1

One the ASAs that can be configured as layer 3, you can eliminate the Vlan and put the IP directly under the interface.
0
JeffDeveloperAuthor Commented:
nat (inside,outside) dynamic interface
                                   ^

Error: % Invalid input detected at '^' marker.
0
Jan SpringerCommented:
What are your interfaces named?
0
Prepare for an Exciting Career in Cybersecurity

Help prevent cyber-threats and provide solutions to safeguard our global digital economy. Earn your MS in Cybersecurity. WGU’s MSCSIA degree program curriculum features two internationally recognized certifications from the EC-Council at no additional time or cost.

JeffDeveloperAuthor Commented:
interface Ethernet0/0
nameif outside
security-level 0
ip address 50.x.x.x 255.255.255.248

interface Ethernet0/1
nameif inside
security-level 100
ip address 10.x.x.0 255.255.255.0
0
Jan SpringerCommented:
When you type in:

object-group network 100AcreWood
  network-object 10.x.x.0 255.255.255.0

and then, enter, ?
do you have an option to configure NAT?
0
JeffDeveloperAuthor Commented:
asa(config)# object-group network 100AcreWood
asa(config-network-object-group)# network-object 10.x.x.0 255.255.255.0
asa(config-network-object-group)# nat (inside,outside) dynamic interface

asa(config-network-object-group)# nat (inside,outside) dynamic interface
                                                                                                   ^
Error: % Invalid input detected at '^' marker.
0
Jan SpringerCommented:
What are your options?
0
JeffDeveloperAuthor Commented:
The next line is

asa(config-network-object-group)#

and it's just waiting for a command to be input
0
Jan SpringerCommented:
sure, but if you hit a space and "?", you should be prompted for a list of valid commands.
0
bamsiCommented:
the line should look like so

-----------------------
object network id 100AcreWood
 subnet 10.x.x.0 255.255.255.0
!
nat (inside,outside) source dynamic 100AcreWood interface
-----------------------

it would PAT any 10.x.x.0 traffic coming from inside going to anything on the outside.

there is an amazing tool by Tunnels Up who could help you convert the pre 8.3 codes to the new NAT commands you could use.

http://www.tunnelsup.com/nat-converter
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
JeffDeveloperAuthor Commented:
This code finally made it work. Didn't need id or !

object network 100AcreWood
 subnet 10.x.x.x 255.255.255.0
nat (any,outside) source dynamic any interface
route outside 0.0.0.0 0.0.0.0 50.x.x.x 1
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.