Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
494
Views
0
Helpful
2
Replies

Error: Cannot translate ip protocol tcp to ip protocol ip

intosea
Level 1
Level 1

‎11-15-2006 10:41 AM - edited ‎03-09-2019 04:53 PM

This error message was found on a pix506 when configuring policy nat.

PIX506(config)# show ver

Cisco PIX Firewall Version 6.3(5)

Cisco PIX Device Manager Version 3.0(4)

Compiled on Thu 04-Aug-05 21:40 by morlee

PIX506 up 2 days 20 hours

Hardware: PIX-506, 32 MB RAM, CPU Pentium 200 MHz

Flash i28F640J5 @ 0x300, 8MB

BIOS Flash AT29C257 @ 0xfffd8000, 32KB

0: ethernet0: address is 0004.2746.1a50, irq 11

1: ethernet1: address is 0004.2746.1a51, irq 10

Licensed Features:

Failover: Disabled

VPN-DES: Enabled

VPN-3DES-AES: Enabled

Maximum Physical Interfaces: 2

Maximum Interfaces: 4

Cut-through Proxy: Enabled

Guards: Enabled

URL-filtering: Enabled

Inside Hosts: Unlimited

Throughput: Limited

IKE peers: Unlimited

This PIX has a Restricted (R) license.

Serial Number: 480500233 (0x1ca3da09)

Running Activation Key: 0x2182a733 0x36a897ca 0x915734b2 0xc21beebc

Configuration last modified by enable_15 at 10:36:18.720 PST Wed Nov 15 2006

PIX506(config)# PIX506(config)# access-list http permit tcp host 10.15.1.106 host 204.50.71.1 eq www

PIX506(config)# static (inside, outside) 65.39.139.30 access-list http

ERROR: cannot translate from IP protocol tcp to IP protocol ip

PIX506(config)#

I read cisco document, 6.3(5) should support policy NAT, I don't know why it didn't work on my machine. Please help me, Thanks

Benny

Labels:
0 Helpful
2 Replies 2

m.sir
Level 7
Level 7

‎11-15-2006 10:48 AM

can you try

PIX506(config)# static (inside, outside) tcp 65.39.139.30 http access-list http http

M.

0 Helpful

intosea
Level 1
Level 1
In response to m.sir

‎11-15-2006 10:59 AM

Yes, It did accept this command:

static (inside, outside) tcp 65.39.139.30 www access-list http 0 0, But I'am not sure it works, Why it was not same as the document said. Thank you

Benny

0 Helpful
Customers Also Viewed These Support Documents