ERROR: access-list has protocol or port

Unanswered Question
May 8th, 2007

Hi there, I have an ASA 5510 version 7.0(4). I have a problem with the nat0: at some point in time my nat0 line on the inside interface simply disappears. When I try to add it again it gives me an error: ERROR: access-list has protocol or port. Now according to me we had IP-based access as well as protocol- and port-based access-list in the nat0, and this was working fine for the last 6 months without any issues. Now that we have removed protocol-based and only assigned IP-based, it works fine. I have gone through all the bugs for this version but didn't find any of this kind. The same ACL (protocol- and port-based) works fine in some PIX which we have. Can anyone point out what the problem is with this version of ASA?

visaxena Sat, 05/12/2007 - 22:18

The access lists for policy NAT and for NAT 0 are different. Maybe this is the reason why you are saying that you were able to use ports in the ACL for NAT. Otherwise, NAT 0 will NEVER, in any version (either 6.x or 7.x), allow you to use ports in the NAT 0 ACL.

See the documentation for 7.0

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/cref_txt/mr.htm#wp1583696

See the documentation for 6.0

http://www.cisco.com/en/US/partner/docs/security/pix/pix60/firewall/configuration/guide/commands.html#wp1024325

And it has been the same for the entire 6.x series till 6.3.5.

-Vikas
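
A pre-change check for the restriction described in this thread, added here as an example (it is not code from either poster or from Cisco): it scans a saved configuration for ACLs referenced by `nat (...) 0 access-list` and reports entries that use a protocol other than `ip` or a port operator. The sample configuration, ACL names and addresses are constructed, and the parser assumes simple one-line ACEs without object groups.

```python
import re

# Constructed sample config (not from the thread); names and addresses are made up.
SAMPLE_CONFIG = """\
access-list nonat extended permit ip 10.1.1.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list nonat extended permit tcp 10.1.1.0 255.255.255.0 192.168.60.0 255.255.255.0 eq 443
access-list nonat extended permit udp 10.1.1.0 255.255.255.0 host 192.168.70.5
access-list policy_nat extended permit tcp 10.1.1.0 255.255.255.0 host 172.16.1.10 eq 80
nat (inside) 0 access-list nonat
nat (inside) 5 access-list policy_nat
"""

# "nat (<interface>) 0 access-list <name>" is the NAT exemption form.
NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)", re.M)
# ACE prefix: name, optional "extended", action, protocol, remainder.
ACE_RE = re.compile(r"^access-list (\S+) (?:extended )?(permit|deny) (\S+)(.*)$", re.M)
PORT_OPS = re.compile(r"\b(eq|lt|gt|neq|range)\b")


def nat0_acl_problems(config, extra_acls=()):
    """Return (acl_name, ace_line, reason) for each ACE unsuitable for NAT 0.

    extra_acls lets you name an ACL to check when the nat 0 line itself is
    missing from the config, as in the situation described in the question.
    """
    nat0_acls = {m.group(2) for m in NAT0_RE.finditer(config)} | set(extra_acls)
    problems = []
    for m in ACE_RE.finditer(config):
        name, _action, proto, rest = m.groups()
        if name not in nat0_acls:
            continue  # ACLs used only for policy NAT are out of scope here
        if proto != "ip":
            problems.append((name, m.group(0), f"protocol '{proto}'"))
        elif PORT_OPS.search(rest):
            problems.append((name, m.group(0), "port operator"))
    return problems


if __name__ == "__main__":
    for acl, line, reason in nat0_acl_problems(SAMPLE_CONFIG):
        print(f"{acl}: {reason}: {line}")
```
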
