Cisco Cisco ASA 5515-X Adaptive Security Appliance - No Payload Encryption Installation Guide

Some NAT configurations cannot be migrated automatically, or are slightly different from the original 
configuration. 

 lists error messages you might see, and information about the messages.

Error Message   The following 'nat' command didn't have a matching 'global' rule on interface '<name>' 
and was not migrated.

Missing global command. If a nat command does not have a matching global command, the nat command 

will be removed and will not be migrated.

If you intended to have a matching global command, you will need to recreate the configuration 

using the new NAT commands.

nat (dmz) 1 10.1.1.0 255.255.255.0

Not migrated.

Error Message   Alias command was migrated between interfaces ‘any’ and ‘inside’ as an estimate.

alias command migration. The alias command is applied between same and lower security level interfaces. 

After migration, the rules are added between a given interface and any. This is semantically different as the new rule 
applies to all interfaces including itself.

This is relatively safe to migrate and needs no attention in most cases. See the 

 for an example migration.

alias (inside) 209.165.200.225 192.168.100.10

object network obj-192.168.100.10

host 192.168.100.10

nat (any,inside) static 209.165.200.225 dns