Cisco Support Community
New Member

ERROR: access-list has protocol or port

Hi there, I have an ASA 5510 version 7.0(4). I have a problem with the nat0: at some point in time my nat0 line on the inside interface simply disappears. When I try to add it again it gives me an error: ERROR: access-list has protocol or port. Now, according to me, we had IP-based access as well as protocol- and port-based access-list in the nat0, and this was working fine for the last 6 months without any issues. Now that we have removed protocol-based and only assigned IP-based, it works fine. I have gone through all the bugs for this version but didn't find any of this kind. The same ACL (protocol- and port-based) works fine in some PIX which we have. Can anyone point out what the problem is with this version of ASA?

1 REPLY
Cisco Employee

Re: ERROR: access-list has protocol or port

The access lists for policy NAT and for NAT 0 are different. Maybe this is the reason why you are saying that you were able to use ports in the ACL for NAT. Otherwise, NAT 0 will NEVER, in any version (either 6.x or 7.x), allow you to use ports in the NAT 0 ACL.

See the documentation for 7.0

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/cref_txt/mr.htm#wp1583696

See the documentation for 6.0

http://www.cisco.com/en/US/partner/docs/security/pix/pix60/firewall/configuration/guide/commands.html#wp1024325

And it has been the same for the entire 6.x series till 6.3.5.

-Vikas
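The restriction described in this reply can be checked offline before a config is pushed. The following is an added example, not part of the original thread and not Cisco code: a small Python lint that finds access lists referenced by `nat (...) 0 access-list` and reports entries that name a protocol other than `ip` or match on ports. The sample config, ACL names and addresses are constructed, and treating any non-`ip` protocol as a violation is an assumption based on the error text quoted in the question.

```python
import re

# Constructed sample config (not from the thread); names and addresses are illustrative.
SAMPLE_CONFIG = """\
access-list NONAT extended permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list NONAT extended permit tcp 10.1.1.0 255.255.255.0 host 10.2.2.5 eq 443
access-list POLICY extended permit tcp 10.1.1.0 255.255.255.0 host 192.0.2.10 eq 80
access-list OUTSIDE_IN extended permit udp any host 192.0.2.20 eq 53
nat (inside) 0 access-list NONAT
nat (inside) 5 access-list POLICY
global (outside) 5 192.0.2.50
"""

# "nat (<ifc>) 0 access-list <name>" is the NAT exemption form; other NAT IDs are policy NAT.
NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)", re.M)
ACE_RE = re.compile(r"^access-list (\S+) (?:extended )?(permit|deny) (\S+)(.*)$", re.M)
PORT_OPS = re.compile(r"\b(eq|gt|lt|neq|range)\b")


def nat0_acl_problems(config):
    """Return (interface, acl, ace_line, reason) for each NAT 0 ACL entry
    that names a protocol other than ip or matches on a port."""
    nat0_acls = {acl: ifc for ifc, acl in NAT0_RE.findall(config)}
    problems = []
    for m in ACE_RE.finditer(config):
        acl, _action, proto, rest = m.groups()
        if acl not in nat0_acls:
            continue  # policy NAT and interface ACLs may use ports; skip them
        reasons = []
        if proto != "ip":
            reasons.append("protocol " + proto)
        if PORT_OPS.search(rest):
            reasons.append("port match")
        if reasons:
            problems.append((nat0_acls[acl], acl, m.group(0).strip(), ", ".join(reasons)))
    return problems


if __name__ == "__main__":
    for ifc, acl, line, why in nat0_acl_problems(SAMPLE_CONFIG):
        print(f"nat ({ifc}) 0 uses {acl}: {why}\n    {line}")
```

Only the `tcp ... eq 443` entry in `NONAT` is reported; the port-based entries in `POLICY` and `OUTSIDE_IN` are left alone because those lists are not bound to NAT 0.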
