Prev: Inside to Inside NAT
Next: Cisco C2948G catalyst switch - second time
From: Akut on 13 Apr 2007 00:18
Hi,

I'm configuring a PIX and I get this warning message each time I boot :

..outside interface address added to PAT pool
WARNING: access-list protocol or port will not be used

It's probably related to these lines in my conf :

global (outside) 1 interface
nat (inside) 0 access-list nonat
nat (inside) 1 0.0.0.0 0.0.0.0 0 0

Could you please help me to understand why I have this warning ?

Thank you,
Akut


From: Walter Roberson on 13 Apr 2007 01:06
In article <461f048e$0$5644$4c368faf(a)roadrunner.com>,
Akut <akut(a)hotmail.com> wrote:

>I'm configuring a PIX and I get this warning message each time I boot :

>.outside interface address added to PAT pool
>WARNING: access-list protocol or port will not be used

>It's probably related to these lines in my conf :

>global (outside) 1 interface
>nat (inside) 0 access-list nonat
>nat (inside) 1 0.0.0.0 0.0.0.0 0 0

I would suspect it is related to

nat (inside) 0 access-list nonat

Does the access-list named nonat happen to try to deal with something
other than tcp or udp? For example, does it have some icmp or gre?
From: Akut on 13 Apr 2007 09:08
>>global (outside) 1 interface
>>nat (inside) 0 access-list nonat
>>nat (inside) 1 0.0.0.0 0.0.0.0 0 0
>
> I would suspect it is related to
>
> nat (inside) 0 access-list nonat
>
> Does the access-list named nonat happen to try to deal with something
> other than tcp or udp? For example, does it have some icmp or gre?

yes :
access-list nonat permit icmp ...

Akut


 | 
Pages: 1
Prev: Inside to Inside NAT
Next: Cisco C2948G catalyst switch - second time