12-22-2006 09:40 AM - edited 03-11-2019 02:12 AM
I am trying to input a statement into a pix running 7.06 that we had in a 6.3.4 version pix. The statement is as follows: nat (inside) 0 access-list no-nat
I get this error message on the console.
ERROR: access-list has protocol or port
We do have a large access-list no-nat already in the pix. Here is an example.
access-list no-nat extended permit ip 10.238.0.0 255.255.252.0 10.1.0.0 255.255.0.0
Can't figure out why the command will not take... any help would be appreciated.
12-22-2006 11:08 AM
Hello,
With the nat0 you can't match protocols in the ACL. Check all your no-nat access-list lines. It seems there is a line that is matching protocols such as tcp or udp and port numbers.
Let me know if this solves your problem,
Appreciate your rating,
Regards,
12-27-2006 07:36 AM
Thanks for the suggestion. Found an icmp statement that had an echo at the end. Took those statements out and the nat (inside) 0 went in ok this time.
12-27-2006 09:12 AM
Good to know it is working now.
Appreciate your rating,
Regards,
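The check that resolved this thread, as an added example that is not part of the original posts: a script that scans a saved PIX configuration for entries in any ACL referenced by a nat 0 statement whose protocol is not ip, so they can be found before the nat command is rejected. It assumes, following the reply above, that any protocol other than ip triggers the error; the function names and every sample line except the first ACL entry are constructed.

```python
import re

# Constructed sample: the first ACL line is the one quoted in the thread,
# the remaining lines and addresses are made up for illustration.
SAMPLE_CONFIG = """\
access-list no-nat extended permit ip 10.238.0.0 255.255.252.0 10.1.0.0 255.255.0.0
access-list no-nat extended permit icmp 10.238.0.0 255.255.252.0 10.1.0.0 255.255.0.0 echo
access-list no-nat extended permit tcp 10.238.4.0 255.255.255.0 10.2.0.0 255.255.0.0 eq 443
access-list outside_in extended permit tcp any host 192.0.2.10 eq 80
nat (inside) 0 access-list no-nat
"""

def nat0_acl_names(config):
    """Return the ACL names used by 'nat (<interface>) 0 access-list <name>'."""
    return set(re.findall(r"^nat \(\S+\) 0 access-list (\S+)", config, re.M))

def offending_lines(config):
    """Return (line_number, line) for nat 0 ACL entries whose protocol is not 'ip'."""
    names = nat0_acl_names(config)
    hits = []
    for number, line in enumerate(config.splitlines(), 1):
        tokens = line.split()
        if len(tokens) < 4 or tokens[0] != "access-list" or tokens[1] not in names:
            continue
        rest = tokens[2:]
        if rest[0] == "extended":        # keyword shown in 7.x output; absent in 6.3
            rest = rest[1:]
        if len(rest) < 2 or rest[0] not in ("permit", "deny"):
            continue                     # remarks, standard ACLs, incomplete lines
        if rest[1] != "ip":              # icmp/tcp/udp entries cannot be used with nat 0
            hits.append((number, line))
    return hits

if __name__ == "__main__":
    for number, line in offending_lines(SAMPLE_CONFIG):
        print(f"line {number}: {line}")
```

Entries in ACLs that no nat 0 statement references, such as outside_in in the sample, are ignored.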