the following error message i get with the working ASA & also tried on a newly bought ASA.
i tried issuing "ciscoasa(config)# nat (inside) 0 access-list cbaynonat", the command accepts then added "access-list cbaynonat extended permit tcp host 172.19.1.2 172.19.5.0 255.255.255.128 eq ftp" this command also accepts, but when i restart the ASA after this, i get an error message "ERROR: access-list has protocol or port" after getting this error message, i could not find the "nat (inside) 0 access-list cbaynonat" in the configuration, then i removed "access-list cbaynonat extended permit tcp host 172.19.1.2 172.19.5.0 255.255.255.128 eq ftp" & added the "ciscoasa(config)# nat (inside) 0 access-list cbaynonat" the command accepts, then command accepts, i found that only after issuing "access-list 172.19.1.2 extended permit tcp host 172.19.1.2 172.19.5.0 255.255.255.128 eq ftp" i get error message, it is not only with the port 21, any port if i add i get that error message. but when i tried issuing "access-list cbaynonat extended permit ip 172.19.0.0 255.255.0.0 172.16.0.0" then restarting the ASA there is no error message. the "nat (inside) 0 access-list cbaynonat" i could able to see in the configuration.
help me out what is the problem, i tried upgrading to 7.2 version also, i get the same error message.
I am not sure what you are trying to achieve, let me see if I can help you here.
Basically why the error kept coming is because you are doing an identity nat and calling an access-list, this kind of nat the access-list being called should not contain any port numbers it should be IP based only.
I guess you want to do a nonat when the source ip is from 172.19.0.0 to 172.16.0.0 so your configuration is fine after that.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...