ERROR: access-list has protocol or port

Unanswered Question
May 7th, 2007

Hi there, I have an ASA 5510 version 7.0(4). I have a problem with the nat0: at some point in time my nat0 line on the inside interface simply disappears. When I try to add it again it gives me an error "ERROR: access-list has protocol or port". Now according to me we had IP-based access as well as protocol- and port-based access-list in the nat0 and this was working fine for the last 6 months without any issues. Now that we have removed protocol-based and only assigned IP-based it works fine. I have gone through all the bugs for this version but didn't find any of this kind. The same ACL (protocol- and port-based) works fine in some PIX which we have. Can anyone point out what the problem is with this version of ASA?

hadbou Fri, 05/11/2007 - 12:37

ASA won't take the access-list if you are using ports in its syntax. You will need to define it without using the ports. If you would like to restrict the VPN traffic to certain ports, what is suggested is to apply an access-group on the interface where the hosts are coming from or apply a VPN-filter to the proper VPN entry.

Try this: If you are using the GRE protocol, remove the GRE protocol from the NONAT ACL
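An added example, not from this thread and not Cisco's code: a small Python checker that reads `access-list` lines and flags the ACEs a `nat 0 access-list` would reject under the rule stated in the answer above (protocol must be `ip`, no port qualifiers), then prints the IP-only form of each ACE so you can see which entries collapse together. The ACL name `NONAT` and the addresses in `SAMPLE_ACL` are constructed for the example; the rule it enforces comes from the answer, not from Cisco documentation, so treat it as an assumption to verify against your own ASA version.

```python
from dataclasses import dataclass

# Port qualifiers that can follow a source or destination address in an ACE.
PORT_OPERATORS = {"eq", "neq", "gt", "lt", "range"}

# Constructed sample: the first two ACEs carry a protocol/port and are the kind
# the ASA in the thread refuses for nat 0; the last two are the IP-only form.
SAMPLE_ACL = """
access-list NONAT remark traffic exempt from NAT towards the VPN peer
access-list NONAT extended permit tcp 10.1.1.0 255.255.255.0 192.168.5.0 255.255.255.0 eq 3389
access-list NONAT extended permit gre host 10.1.1.5 host 192.168.5.5
access-list NONAT extended permit ip 10.1.1.0 255.255.255.0 192.168.5.0 255.255.255.0
access-list NONAT extended permit ip host 10.1.1.5 host 192.168.5.5
"""


@dataclass
class Ace:
    acl: str
    action: str
    protocol: str
    src: str
    src_ports: str
    dst: str
    dst_ports: str
    raw: str

    def problems(self):
        """Reasons this ACE would be rejected in a nat 0 access-list (assumed rule: ip only, no ports)."""
        reasons = []
        if self.protocol != "ip":
            reasons.append(f"protocol '{self.protocol}' (nat 0 takes only ip)")
        ports = [p for p in (self.src_ports, self.dst_ports) if p]
        if ports:
            reasons.append("port qualifier " + " ".join(ports))
        return reasons

    def ip_only(self):
        """The same source/destination pair written as an IP-only ACE."""
        return f"access-list {self.acl} extended {self.action} ip {self.src} {self.dst}"


def _take_address(tokens, i):
    """Consume one address spec (any | host X | net mask) at tokens[i]; return (text, next index)."""
    if tokens[i] == "any":
        return "any", i + 1
    if tokens[i] == "host":
        return f"host {tokens[i + 1]}", i + 2
    return f"{tokens[i]} {tokens[i + 1]}", i + 2


def _take_ports(tokens, i):
    """Consume an optional port qualifier (eq/neq/gt/lt X or range X Y); return (text, next index)."""
    if i < len(tokens) and tokens[i] in PORT_OPERATORS:
        n = 3 if tokens[i] == "range" else 2
        return " ".join(tokens[i:i + n]), i + n
    return "", i


def parse_ace(line):
    """Parse one extended ACE; returns None for remark lines."""
    tokens = line.split()
    if len(tokens) < 5 or tokens[0] != "access-list":
        raise ValueError(f"not an ACE: {line!r}")
    if tokens[2] == "remark":
        return None
    acl, i = tokens[1], 2
    if tokens[i] == "extended":
        i += 1
    action, protocol = tokens[i], tokens[i + 1]
    i += 2
    src, i = _take_address(tokens, i)
    src_ports, i = _take_ports(tokens, i)
    dst, i = _take_address(tokens, i)
    dst_ports, i = _take_ports(tokens, i)
    return Ace(acl, action, protocol, src, src_ports, dst, dst_ports, line)


def check_nat0_acl(config_text):
    """Return [(ace, reasons)] for every ACE; an empty reasons list means nat 0 would accept it."""
    results = []
    for line in config_text.strip().splitlines():
        line = line.strip()
        if not line or line.startswith("!"):
            continue
        ace = parse_ace(line)
        if ace is not None:
            results.append((ace, ace.problems()))
    return results


def rejected_lines(config_text):
    """Raw text of the ACEs that trip 'ERROR: access-list has protocol or port'."""
    return [ace.raw for ace, reasons in check_nat0_acl(config_text) if reasons]


def ip_only_rewrite(config_text):
    """IP-only equivalents of all ACEs, with duplicates that collapse together removed."""
    seen, out = set(), []
    for ace, _ in check_nat0_acl(config_text):
        rewritten = ace.ip_only()
        if rewritten not in seen:
            seen.add(rewritten)
            out.append(rewritten)
    return out


if __name__ == "__main__":
    for ace, reasons in check_nat0_acl(SAMPLE_ACL):
        status = "REJECT: " + "; ".join(reasons) if reasons else "ok"
        print(f"{status:<60} {ace.raw}")
    print("\nIP-only NONAT:")
    for line in ip_only_rewrite(SAMPLE_ACL):
        print(line)
```

Run it against a `show running-config access-list NONAT` dump to see which entries carry a protocol or port; the rewritten list is the NONAT ACL the thread says the ASA accepts, and the port restriction then belongs in a separate ACL applied with `access-group` or `vpn-filter` as the answer describes.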

