Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
688
Views
5
Helpful
3
Replies

nat (inside) 0

d.waltz
Level 1
Level 1

‎12-22-2006 09:40 AM - edited ‎03-11-2019 02:12 AM

I am trying to input a statement into a pix running 7.06 that we had in in a 6.3.4 version pix. The statement is as follows: nat (inside) 0 access-list no-nat

I get this error message on the console.

ERROR: access-list has protocol or port

We do have a large access-list no-nat already in the pix. Here is an example.

access-list no-nat extended permit ip 10.238.0.0 255.255.252.0 10.1.0.0 255.255.0.0

Can't figure out why the command will not take... any help would be appreciated.

Labels:
0 Helpful
3 Replies 3

m-haddad
Level 5
Level 5

‎12-22-2006 11:08 AM

Hello,

With the nat0 you can't match protocols in the ACL. Check all your no-nat access-list lines. it seems there is a line that is matchinh protocls such as tcp or udp and port numbers.

Let me know if this solves your probem,

Appreciate your rating,

Regards,

d.waltz
Level 1
Level 1
In response to m-haddad

‎12-27-2006 07:36 AM

Thanks for the suggestion. Found an icmp statement that had a echo at the end. Took those statements out and the nat (inside) 0 went in ok this time.

0 Helpful

m-haddad
Level 5
Level 5
In response to d.waltz

‎12-27-2006 09:12 AM

Good to know it is working now.

Appreciate your rating,

Regards,

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card