Sajjad,
Check your NAT 0 - or ACL=nonat/NONAT (whatever) and only permit/deny IP
--
Sincerely,
Shawn Zandi
Network Architect and Consultant
Cisco Certified CCIE x2 (R&S, Security)
Juniper, Foundry, Brocade and Procurve Certified
Dubai Internet City
blog: http://blog.shafagh.com

On Tue, Jan 5, 2010 at 10:58 AM, Alexei Monastyrnyi <alexeim73_at_gmail.com> wrote:

> In PIX 6.3 and older it would be fine, but not with version 7 and above. No
> ports in PAT ACLs any longer. :-) So if you migrate your stuff from 6.3, you
> might have to review PAT ACLs.
>
> A.
>
> karim jamali wrote:
>
>> Hi,
>>
>> I am not sure but I believe that the nat exemption access-list cannot have
>> protocols or ports.
>>
>> I may be wrong though.
>>
>> Best Regards,
>>
>> On Tue, Jan 5, 2010 at 8:31 AM, Sajjad Najafizadeh <najafizadeh_at_gmail.com> wrote:
>>
>>> Hi
>>>
>>> I get error : ERROR: access-list has protocol or port when trying to add
>>> exemption nat in ASA.
>>>
>>> ASA(config)# nat (inside) 0 access-list zero_nat_acl
>>> ERROR: access-list has protocol or port
>>>
>>> Any advice ?
>>>
>>> Regards

Blogs and organic groups at http://www.ccie.net

Received on Tue Jan 05 2010 - 11:09:22 ART
This archive was generated by hypermail 2.2.0 : Thu Feb 04 2010 - 20:28:41 ART
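
The thread's conclusion (a NAT 0 access-list on version 7 and above may only match on IP, so configs migrated from 6.3 need review) can be checked offline before loading a config. The script below is an added example, not part of the original thread; the function name, the sample addresses and every ACL name other than zero_nat_acl are constructed for illustration.

```python
import re

# Constructed sample config; only the ACL name zero_nat_acl comes from the thread.
SAMPLE_CONFIG = """\
access-list zero_nat_acl extended permit tcp 10.1.1.0 255.255.255.0 192.168.50.0 255.255.255.0 eq 443
access-list zero_nat_acl extended permit ip 10.1.2.0 255.255.255.0 192.168.50.0 255.255.255.0
access-list vpn_nonat extended permit ip 10.2.0.0 255.255.0.0 172.16.0.0 255.240.0.0
access-list outside_in extended permit tcp any host 203.0.113.10 eq 25
nat (inside) 0 access-list zero_nat_acl
nat (dmz) 0 access-list vpn_nonat
"""

# "nat (<interface>) 0 access-list <name>" marks an ACL as a NAT exemption ACL.
NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)", re.M)
# Extended ACE; the "extended" keyword is optional so 6.3-style lines also match.
ACE_RE = re.compile(r"^access-list (\S+) (?:extended )?(permit|deny) (\S+)(.*)$", re.M)
PORT_OPS = {"eq", "neq", "lt", "gt", "range"}


def audit_nat_exemption(config):
    """Return (acl_name, ace_line, reason) for each ACE a NAT 0 ACL cannot carry."""
    nat0_acls = {m.group(2) for m in NAT0_RE.finditer(config)}
    findings = []
    for m in ACE_RE.finditer(config):
        name, protocol, rest = m.group(1), m.group(3), m.group(4)
        if name not in nat0_acls:
            continue  # not used for NAT exemption, so ports are allowed here
        if protocol != "ip":
            findings.append((name, m.group(0), "protocol '%s' instead of ip" % protocol))
        elif PORT_OPS & set(rest.split()):
            findings.append((name, m.group(0), "port operator present"))
    return findings


if __name__ == "__main__":
    for name, line, reason in audit_nat_exemption(SAMPLE_CONFIG):
        print("%s: %s\n    %s" % (name, reason, line))
```
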