Cisco Support Community

New Member

nat (inside) 0

I am trying to input a statement into a PIX running 7.06 that we had in a 6.3.4 version PIX. The statement is as follows: nat (inside) 0 access-list no-nat

I get this error message on the console.

ERROR: access-list has protocol or port

We do have a large access-list no-nat already in the pix. Here is an example.

access-list no-nat extended permit ip 10.238.0.0 255.255.252.0 10.1.0.0 255.255.0.0

Can't figure out why the command will not take... any help would be appreciated.

3 REPLIES
Silver

Re: nat (inside) 0

Hello,

With the nat0 you can't match protocols in the ACL. Check all your no-nat access-list lines. It seems there is a line that is matching protocols such as tcp or udp and port numbers.

Let me know if this solves your problem,

Appreciate your rating,

Regards,

New Member

Re: nat (inside) 0

Thanks for the suggestion. Found an icmp statement that had an echo at the end. Took those statements out and the nat (inside) 0 went in ok this time.

Silver

Re: nat (inside) 0

Good to know it is working now.

Appreciate your rating,

Regards,
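
An added example, not part of the original posts: a small Python check that scans a saved configuration and lists the entries of a named ACL that specify a protocol other than `ip` or carry a port operator, which is what the replies above identify as the cause of the error. Only the first sample line comes from the thread; the other config lines are constructed, and the function name is hypothetical.

```python
# Constructed sample config; only the first line is quoted from the thread.
SAMPLE_CONFIG = """\
access-list no-nat extended permit ip 10.238.0.0 255.255.252.0 10.1.0.0 255.255.0.0
access-list no-nat remark constructed lines below
access-list no-nat extended permit icmp 10.238.0.0 255.255.252.0 10.1.0.0 255.255.0.0 echo
access-list no-nat extended permit tcp host 10.238.0.5 10.1.0.0 255.255.0.0 eq 443
access-list outside_in extended permit tcp any host 10.1.1.1 eq 80
access-list no-nat extended permit ip host 10.238.1.9 10.2.0.0 255.255.0.0
"""

PORT_OPERATORS = {"eq", "neq", "lt", "gt", "range"}


def find_nat0_offenders(config_text, acl_name):
    """Return (line_number, reason, line) for each entry of acl_name that
    names a protocol other than 'ip' or uses a port operator."""
    offenders = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        tokens = raw.split()
        # Only look at entries of the ACL referenced by the nat 0 statement.
        if len(tokens) < 4 or tokens[0] != "access-list" or tokens[1] != acl_name:
            continue
        rest = tokens[2:]
        if rest[0] == "remark":
            continue
        if rest[0] == "extended":
            rest = rest[1:]
        if len(rest) < 2 or rest[0] not in ("permit", "deny"):
            continue
        protocol, qualifiers = rest[1], rest[2:]
        reasons = []
        if protocol != "ip":
            reasons.append(f"protocol '{protocol}'")
        used_ops = [t for t in qualifiers if t in PORT_OPERATORS]
        if used_ops:
            reasons.append("port operator '" + "', '".join(used_ops) + "'")
        if reasons:
            offenders.append((lineno, ", ".join(reasons), raw.strip()))
    return offenders


if __name__ == "__main__":
    for lineno, reason, line in find_nat0_offenders(SAMPLE_CONFIG, "no-nat"):
        print(f"line {lineno}: {reason}\n    {line}")
```

Entries that use an object-group in the protocol position are reported as a non-`ip` protocol and need a manual look.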
