Riddle me this.....
Given an ACL that has the following line in it:
access-list TEST-NONAT extended permit icmp host EDISRV host X.X.X.X
When I attempt the following I get this error message:
ASA(config)# nat (INSIDE) 0 access-list TEST-NONAT
ERROR: access-list has protocol or port
At which point I scratch my head and say "well of course the acl has a protocol and port"
If I remove the ACL line I posted above the nat statement is accepted just fine.
I do not understand why.