Cisco Support Community

ERROR: access-list has protocol or port

Hi there, I have an ASA 5510 version 7.0(4). I have a problem with the nat0: at some point in time my nat0 line on the inside interface simply disappears. When I try to add it again it gives me an error: ERROR: access-list has protocol or port. Now according to me we had IP-based access as well as protocol- and port-based access-list in the nat0 and this was working fine for the last 6 months without any issues. Now that we have removed protocol-based and only assigned IP-based it works fine. I have gone through all the bugs for this version but didn't find any of this kind. The same ACL (protocol and port based) works fine in some PIX which we have. Can anyone point out what the problem is with this version of ASA?


Re: ERROR: access-list has protocol or port

ASA won't take the access-list if you are using ports in its syntax. You will need to define it without using the ports. If you would like to restrict the VPN traffic to certain ports, what is suggested is to apply an access-group on the interface where the hosts are coming from or apply a VPN-filter to the proper VPN entry.

Try this: If you are using the GRE protocol, remove the GRE protocol from the NONAT ACL.
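A pre-change check for the condition discussed in this thread, as an added example that is not part of the original posts: it scans a saved ASA configuration for ACLs referenced by a `nat (<interface>) 0 access-list` line and flags entries that name a protocol other than `ip` or use a port operator. The sample configuration, ACL names and addresses are constructed for illustration.

```python
import re

# Constructed sample config (not from the thread); names and addresses are placeholders.
SAMPLE_CONFIG = """\
access-list NONAT remark exempt site-to-site traffic from NAT
access-list NONAT extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list NONAT extended permit tcp 10.1.1.0 255.255.255.0 10.3.3.0 255.255.255.0 eq 443
access-list NONAT extended permit gre host 10.1.1.5 host 10.2.2.5
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 25
nat (inside) 0 access-list NONAT
nat (inside) 1 0.0.0.0 0.0.0.0
"""

# "nat (<iface>) 0 access-list <name>" is the NAT exemption statement.
NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)", re.M)
# ACL entries; remark lines do not match because permit/deny is required.
ACE_RE = re.compile(r"^access-list (\S+) (?:extended )?(permit|deny) (\S+)(.*)$", re.M)
PORT_OPS = {"eq", "neq", "lt", "gt", "range"}

def nat0_acl_names(config):
    """Names of ACLs bound to a nat 0 statement on any interface."""
    return {name for _iface, name in NAT0_RE.findall(config)}

def offending_entries(config):
    """Return (line, reason) for nat 0 ACL entries that are not plain IP matches."""
    names = nat0_acl_names(config)
    findings = []
    for m in ACE_RE.finditer(config):
        acl, _action, proto, rest = m.groups()
        if acl not in names:
            continue  # port-based entries are fine in ordinary interface ACLs
        reasons = []
        if proto != "ip":
            reasons.append(f"protocol '{proto}'")
        if PORT_OPS & set(rest.split()):
            reasons.append("port operator")
        if reasons:
            findings.append((m.group(0).strip(), ", ".join(reasons)))
    return findings

if __name__ == "__main__":
    for line, why in offending_entries(SAMPLE_CONFIG):
        print(f"{why}: {line}")
```

Entries it flags are the ones to move into an interface access-group or VPN filter ACL, as the reply suggests, leaving only `ip` entries in the exemption ACL.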
