Cisco ASA - Nat 0 issue.
Posted on 2012-09-10
I have a point to point VPN between two sites that reside outside my firewall.
Main Site: IP 10.127.240.0/24
Remote Site: 10.127.107.0/24, 10.127.108.0/24.
VPN is up and system works 100%.
This issue is if I have to reboot my the FW the access list will not come up. I get an error that access-list will can’t contain port setting.
nat (inside) 0 access-list vpn_only - list will not load.
access-list vpn_only extended permit udp 10.127.240.0 255.255.255.0 10.127.108.0 255.255.255.0
access-list vpn_only extended permit udp 10.127.240.0 255.255.255.0 10.127.107.0 255.255.255.0
So whenever I need to reboot my firewall I remove the 2 access lists above add the nat (inside) 0 access-list vpn_only then add back in the access-list..
Version on firewall is:
Cisco Adaptive Security Appliance Software Version 7.2(3)
Not sure how to fix.