New Member

access-list has protocol or port

I have tried migrating the PIX OS from 6.2(3) to 7.2(3). After the upgrade, the relevant configurations have changed to the new command syntax.

But I got an error with the NAT ACL, "access-list has protocol or port", and I am unable to go through the entire statements due to its length.


Re: access-list has protocol or port

Not sure what your question is, but it doesn't seem to like that you have an extended ACL in your nat statement. For example...

access-list nonat permit tcp host x.x.x.x host y.y.y.y eq www

nat (inside) 0 access-list nonat

New Member

Re: access-list has protocol or port

You are right. While in 6.2(3) I have ACLs for port-based restrictions.

After migrating to 7.2(3), this NAT statement was missing in the config: nat (inside) 0 access-list nonat

When I tried adding it I am getting this error: "access-list has protocol or port". I have no other go than to roll back the OS upgrade.


Re: access-list has protocol or port

I don't think you can do it in anything 6.3 and above. What is your purpose for using it this way exactly? I know you said "port based restrictions". Could you be more specific?
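A pre-upgrade check for the situation discussed in this thread, as an added example that is not part of any post above: it scans a saved PIX configuration for ACLs referenced by `nat (if) 0 access-list` and lists the entries that name a protocol other than `ip` or carry a port operator, which are the lines that draw the "access-list has protocol or port" error. The sample configuration, its addresses and the function name `find_nat0_port_acls` are constructed for illustration.

```python
import re

# Constructed sample of a PIX 6.x configuration (documentation address ranges).
SAMPLE_CONFIG = """\
access-list nonat permit tcp host 192.0.2.10 host 198.51.100.20 eq www
access-list nonat permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
access-list vpn_exempt permit ip 10.1.0.0 255.255.0.0 10.9.0.0 255.255.0.0
access-list outside_in permit tcp any host 203.0.113.5 eq smtp
nat (inside) 0 access-list nonat
nat (dmz) 0 access-list vpn_exempt
nat (inside) 1 0.0.0.0 0.0.0.0
"""

# "nat (<interface>) 0 access-list <name>" is the NAT exemption form from the thread.
NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)", re.M)
# One access-list entry: name, action, protocol, then the rest of the line.
ACE_RE = re.compile(r"^access-list (\S+) (?:extended )?(permit|deny) (\S+) (.*)$", re.M)
PORT_OPS = {"eq", "lt", "gt", "neq", "range"}


def find_nat0_port_acls(config):
    """Return [(interface, acl_name, line)] for NAT exemption ACL entries
    that use a protocol other than ip or contain a port operator."""
    nat0 = {m.group(2): m.group(1) for m in NAT0_RE.finditer(config)}
    findings = []
    for m in ACE_RE.finditer(config):
        name, proto, rest = m.group(1), m.group(3), m.group(4)
        if name not in nat0:
            continue  # ACL is not referenced by a nat 0 statement
        has_port = any(tok in PORT_OPS for tok in rest.split())
        if proto != "ip" or has_port:
            findings.append((nat0[name], name, m.group(0).strip()))
    return findings


if __name__ == "__main__":
    for iface, acl, line in find_nat0_port_acls(SAMPLE_CONFIG):
        print(f"nat ({iface}) 0 uses {acl}: {line}")
```

Entries it reports need to be rewritten as `ip`-only matches before the upgrade, with the port-based restriction enforced by an interface ACL instead of the NAT exemption ACL.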
