I have a customer whom has a "permit ip any any statement" configured at the end of an ACL on his inside Firewall. This same statement is not configured on the Firewall that is on the OUtside Perimeter of the network.
Each time I have tried to remove the "permit ip any any " statement , eventually the Mail system will break.
I need to capture what traffic is being passed by this statement, but am not sure how to do so, as the capture command can specify an ACL, but not an individual line from an ACL.
Has anyone ever filtered somehow on just one line of a configured ACL and captured the traffic?