Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
511
Views
0
Helpful
3
Replies

access-list has protocol or port

wbpo
Level 1
Level 1

‎10-14-2007 06:51 AM - edited ‎03-11-2019 04:25 AM

I has tried migrating the PIX os from 6.2(3) to 7.2(3). After the upgrade relevant configurations has changed to the new command syntax.

But i got an error with the NAT acl "access-list has protocol or port" and iam unable to go thro' the entire statments due to its length.

Labels:
0 Helpful
3 Replies 3

acomiskey
Level 10
Level 10

‎10-14-2007 11:17 AM

Not sure what your question is but it doesn't seem to like that you have an extended acl in your nat statement. For example...

access-list nonat permit tcp host x.x.x.x host y.y.y.y www

nat (inside) 0 access-list nonat

0 Helpful

wbpo
Level 1
Level 1
In response to acomiskey

‎10-15-2007 10:15 AM

you are right. While in 6.2(3) i have ACL's for port based restrictions.

After migrating to 7.2(3), this NAT statement was missing in the config- nat (inside) 0 access-list nonat

When i tried adding it iam gettting this error "access-list has protocol or port" . I hv no other go than roll back the OS upgrade.

0 Helpful

acomiskey
Level 10
Level 10
In response to wbpo

‎10-15-2007 10:43 AM

I don't think you can do it in anything 6.3 and above. What is your purpose for using it this way exactly, I know you said "port based restrictions". Could you be more specific?

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card