11-25-2014 01:20 PM - edited 03-11-2019 10:07 PM
Hi all,
I have an ASA 5505 and I'm having the following error.
nat (inside) 0 access-list inside_nat0_outbound
ERROR: access-list has protocol or port
Any ideas?
11-25-2014 01:58 PM
Please post the ACL inside_nat0_outbound
11-25-2014 02:32 PM
Hello burleyman
access-list inside_nat0_outbound extended permit ip any host estudio_address
access-list inside_nat0_outbound extended permit ip any 172.18.3.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip 172.17.2.0 255.255.255.0 host 10.61.10.224
access-list inside_nat0_outbound extended permit ip any 12.100.64.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 12.100.65.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 12.102.0.0 255.255.255.0
access-list inside_nat0_outbound extended permit ip any 12.100.66.0 255.255.255.0
access-list inside_nat0_outbound extended permit tcp any 12.100.64.0 255.255.255.0 eq www --this is the last one I added.
11-25-2014 03:28 PM
An ACL that is used for NAT exemption should not contain any ports. If you really need ports (based on your config, I don't think so), you have to configure static identity NAT.
Just use the following line instead of your last line:
access-list inside_nat0_outbound extended permit ip any 12.100.64.0 255.255.255.0
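The rule in the answer above can be checked before a config is pasted into the ASA. The following is an added example, not part of the original thread: it finds every ACL referenced by a `nat (<if>) 0 access-list` line, flags entries that use a protocol other than `ip` or a port operator, and builds the ip-only replacement. The function names, the `outside_in` ACL and the handling of plain `extended` entries only (no object-groups) are assumptions of this sketch.

```python
import re

# Constructed sample, trimmed from the ACL posted in this thread plus one
# unrelated ACL (outside_in, hypothetical) that must not be flagged.
SAMPLE_CONFIG = """\
access-list inside_nat0_outbound extended permit ip any 172.18.3.0 255.255.255.0
access-list inside_nat0_outbound extended permit tcp any 12.100.64.0 255.255.255.0 eq www
access-list outside_in extended permit tcp any host 10.0.0.5 eq www
nat (inside) 0 access-list inside_nat0_outbound
"""

NAT0_RE = re.compile(r"^nat \(\S+\) 0 access-list (\S+)")
ACE_RE = re.compile(r"^access-list (\S+) extended (permit|deny) (\S+) (.+)$")
# Port operators and how many arguments follow each one.
PORT_ARGS = {"eq": 1, "neq": 1, "lt": 1, "gt": 1, "range": 2}

def strip_ports(tokens):
    """Drop port operators and their arguments from the address part of an ACE."""
    out, i = [], 0
    while i < len(tokens):
        if tokens[i] in PORT_ARGS:
            i += 1 + PORT_ARGS[tokens[i]]
        else:
            out.append(tokens[i])
            i += 1
    return out

def check_nat0_acls(config):
    """Return (offending_line, ip_only_replacement) for each ACE in an ACL
    referenced by 'nat (<if>) 0 access-list' that has a protocol or port."""
    lines = [l.strip() for l in config.splitlines()]
    nat0_acls = {m.group(1) for l in lines if (m := NAT0_RE.match(l))}
    findings = []
    for line in lines:
        m = ACE_RE.match(line)
        if not m or m.group(1) not in nat0_acls:
            continue
        name, action, proto, rest = m.groups()
        addrs = strip_ports(rest.split())
        if proto != "ip" or addrs != rest.split():
            fixed = f"access-list {name} extended {action} ip {' '.join(addrs)}"
            findings.append((line, fixed))
    return findings

if __name__ == "__main__":
    for bad, fixed in check_nat0_acls(SAMPLE_CONFIG):
        print(f"no {bad}\n{fixed}")
```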
11-25-2014 03:32 PM
Hello Karsten
To fix the issue I would have to erase the ACL and add the NAT, right?
no access-list inside_nat0_outbound extended permit tcp any 12.100.64.0 255.255.255.0 eq www
nat (inside) 0 access-list inside_nat0_outbound
Thanks.
11-25-2014 04:21 PM
Yes, remove the line with the port and add the same line without ports and with ip instead of tcp. That's all that has to be done.
11-25-2014 02:32 PM
I found my own error
no access-list inside_nat0_outbound extended permit tcp any 12.100.64.0 255.255.255.0 eq www
nat (inside) 0 access-list inside_nat0_outbound
Is that correct?