The ASA software does not allow protocols or ports in the access-list (ACL) referenced by a NAT 0 (NAT exemption) statement. It is possible, however, to create an ACL with IP-only entries, bind it to the NAT 0 statement, and later add more complex entries (with a protocol or port) to that same ACL.
The result is that at some point the nat 0 line on the inside interface silently disappears from the configuration. When you try to put the nat 0 line back in place, you get the following error:
ERROR: access-list has protocol or port
An IP-based ACL (protocol ip, no ports) should be used for the nat 0 configuration. More complex access-lists can be applied at interface level instead.
Example:

asa(config)# access-list 101 permit tcp host 1.1.1.1 host 2.2.2.2 eq 80
asa(config)# nat (inside) 0 access-list 101
ERROR: access-list has protocol or port
asa(config)#
asa(config)# no access-list 101 permit tcp host 1.1.1.1 host 2.2.2.2 eq 80
asa(config)# access-list 101 permit ip host 1.1.1.1 host 2.2.2.2
asa(config)# nat (inside) 0 access-list 101
asa(config)#
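A small pre-change check for this problem, as an added example that is not part of the original note or of any Cisco tool: it scans an ASA configuration for nat 0 statements and reports every referenced ACL entry that carries a protocol other than ip or a port operator, so the mixed-ACL situation described above (IP-only ACL bound first, port entries added later) is caught before the nat 0 line vanishes. The ASA_CONFIG text is constructed sample input, and the helper names are this example's own.

```python
"""Lint an ASA configuration for nat 0 ACLs the ASA would reject with
'ERROR: access-list has protocol or port'.  Added example; the
ASA_CONFIG below is constructed sample input, not a real device config."""
import re

ASA_CONFIG = """\
access-list 101 permit tcp host 1.1.1.1 host 2.2.2.2 eq 80
access-list 102 permit ip host 1.1.1.1 host 2.2.2.2
access-list 103 extended permit ip 10.1.1.0 255.255.255.0 any
access-list 103 extended permit udp 10.1.1.0 255.255.255.0 any range 5000 5010
access-list 104 permit icmp any any
nat (inside) 0 access-list 101
nat (inside) 0 access-list 102
nat (dmz) 0 access-list 103
nat (inside) 0 access-list 104
"""

NAT0_RE = re.compile(r"^nat \((\S+)\) 0 access-list (\S+)$")
ACE_RE = re.compile(r"^access-list (\S+) (?:extended )?(permit|deny) (\S+) (.*)$")
PORT_OPS = {"eq", "neq", "gt", "lt", "range"}  # ASA port operators

def acl_entries(config):
    """Map ACL name -> list of (protocol, rest-of-ACE) for every permit/deny line."""
    acls = {}
    for line in config.splitlines():
        m = ACE_RE.match(line.strip())
        if m:
            acls.setdefault(m.group(1), []).append((m.group(3).lower(), m.group(4)))
    return acls

def ace_has_protocol_or_port(proto, rest):
    """True if the ACE is anything but a plain 'ip' match, or names a port operator."""
    if proto != "ip":
        return True
    return any(tok in PORT_OPS for tok in rest.split())

def nat0_violations(config):
    """Return (interface, acl_name, offending_ace) for each nat 0 ACL entry the ASA rejects."""
    acls = acl_entries(config)
    bad = []
    for line in config.splitlines():
        m = NAT0_RE.match(line.strip())
        if m:
            iface, name = m.groups()
            for proto, rest in acls.get(name, []):
                if ace_has_protocol_or_port(proto, rest):
                    bad.append((iface, name, f"{proto} {rest}"))
    return bad

if __name__ == "__main__":
    for iface, name, ace in nat0_violations(ASA_CONFIG):
        print(f"nat ({iface}) 0 access-list {name}: rejected entry -> {ace}")
```

On the sample input the IP-only ACL 102 passes, while 101 (tcp/eq 80), the second entry of 103 (udp/range) and 104 (icmp) are reported.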