topic Re: access-list has protocol or port in Network Security

access-list has protocol or port

wbpo — Mon, 11 Mar 2019 11:25:11 GMT

I has tried migrating the PIX os from 6.2(3) to 7.2(3). After the upgrade relevant configurations has changed to the new command syntax.

But i got an error with the NAT acl "access-list has protocol or port" and iam unable to go thro' the entire statments due to its length.

Re: access-list has protocol or port

acomiskey — Sun, 14 Oct 2007 18:17:59 GMT

Not sure what your question is but it doesn't seem to like that you have an extended acl in your nat statement. For example...

access-list nonat permit tcp host x.x.x.x host y.y.y.y www

nat (inside) 0 access-list nonat

Re: access-list has protocol or port

wbpo — Mon, 15 Oct 2007 17:15:11 GMT

you are right. While in 6.2(3) i have ACL's for port based restrictions.

After migrating to 7.2(3), this NAT statement was missing in the config- nat (inside) 0 access-list nonat

When i tried adding it iam gettting this error "access-list has protocol or port" . I hv no other go than roll back the OS upgrade.

Re: access-list has protocol or port

acomiskey — Mon, 15 Oct 2007 17:43:57 GMT

I don't think you can do it in anything 6.3 and above. What is your purpose for using it this way exactly, I know you said "port based restrictions". Could you be more specific?