Hi there, I have an ASA 5510 version 7.0(4). I have a problem with the nat0: at some point in time my nat0 line on the inside interface simply disappears. When I try to add it again it gives me an error: ERROR: access-list has protocol or port. Now according to me we had IP-based as well as protocol- and port-based access-lists in the nat0 and this was working fine for the last 6 months without any issues. Now that we have removed the protocol-based entries and only assigned IP-based ones it works fine. I have gone through all the bugs for this version but didn't find any of this kind. The same ACL (protocol and port based) works fine in some PIX which we have. Can anyone point out what the problem is with this version of ASA?
ASA won't take the access-list if you are using ports in its syntax. You will need to define it without using the ports. If you would like to restrict the VPN traffic to certain ports, what is suggested is to apply an access-group on the interface where the hosts are coming from or apply a VPN-filter to the proper VPN entry.
Try this: if you are using the GRE protocol, remove the GRE protocol from the NONAT ACL.
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...