VPN Mesh ACLs

rbdrake22
Level 1

We have a VPN mesh configured between sites where everything is routed through the main site.

Our ACL lists are getting massive and I'm curious if it would be possible to simplify them as such:

Current ACL:

ip access-list extended ENCRYPT-ACL
permit ip 192.168.2.0 0.0.0.255 192.168.3.0 0.0.0.255
permit ip 192.168.200.0 0.0.0.255 192.168.30.0 0.0.0.255
permit ip 192.168.2.0 0.0.0.255 192.168.30.0 0.0.0.255
permit ip 192.168.200.0 0.0.0.255 192.168.3.0 0.0.0.255
permit ip 10.255.255.0 0.0.0.255 192.168.3.0 0.0.0.255
permit ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255
permit ip 192.168.40.0 0.0.0.255 192.168.3.0 0.0.0.255
permit ip 192.168.4.0 0.0.0.255 192.168.30.0 0.0.0.255
permit ip 192.168.40.0 0.0.0.255 192.168.30.0 0.0.0.255
permit ip 192.168.5.0 0.0.0.255 192.168.3.0 0.0.0.255
permit ip 192.168.50.0 0.0.0.255 192.168.3.0 0.0.0.255
permit ip 192.168.5.0 0.0.0.255 192.168.30.0 0.0.0.255
permit ip 192.168.50.0 0.0.0.255 192.168.30.0 0.0.0.255
permit ip 192.168.6.0 0.0.0.255 192.168.3.0 0.0.0.255
permit ip 192.168.60.0 0.0.0.255 192.168.3.0 0.0.0.255
permit ip 192.168.6.0 0.0.0.255 192.168.30.0 0.0.0.255
permit ip 192.168.60.0 0.0.0.255 192.168.30.0 0.0.0.255
permit ip 192.168.7.0 0.0.0.255 192.168.3.0 0.0.0.255
permit ip 192.168.70.0 0.0.0.255 192.168.3.0 0.0.0.255
permit ip 192.168.7.0 0.0.0.255 192.168.30.0 0.0.0.255
permit ip 192.168.70.0 0.0.0.255 192.168.30.0 0.0.0.255
permit ip 192.168.8.0 0.0.0.255 192.168.3.0 0.0.0.255
permit ip 192.168.80.0 0.0.0.255 192.168.3.0 0.0.0.255
permit ip 192.168.8.0 0.0.0.255 192.168.30.0 0.0.0.255
permit ip 192.168.80.0 0.0.0.255 192.168.30.0 0.0.0.255
permit ip 192.168.9.0 0.0.0.255 192.168.3.0 0.0.0.255
permit ip 192.168.90.0 0.0.0.255 192.168.3.0 0.0.0.255
permit ip 192.168.9.0 0.0.0.255 192.168.30.0 0.0.0.255
permit ip 192.168.90.0 0.0.0.255 192.168.30.0 0.0.0.255
permit ip 192.168.11.0 0.0.0.255 192.168.3.0 0.0.0.255
permit ip 192.168.110.0 0.0.0.255 192.168.3.0 0.0.0.255
permit ip 192.168.11.0 0.0.0.255 192.168.30.0 0.0.0.255
permit ip 192.168.110.0 0.0.0.255 192.168.30.0 0.0.0.255

Could I simplify this by adding an ACL such as this:

permit ip 192.168.0.0 0.0.255.255 192.168.3.0 0.0.0.255
permit ip 192.168.0.0 0.0.255.255 192.168.30.0 0.0.0.255

Also, could the same principle apply to the NO-NAT? As you can imagine, the NO-NAT for this takes up a couple of pages printed out.

Thanks!
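Two checks worth running before collapsing a crypto ACL like the one in the question, as an added Python example (not from the post or from Cisco): which original entries a 192.168.0.0/16 summary would stop selecting, and which flows the summary selects that the original never did. It assumes contiguous wildcard masks and regenerates the question's ENCRYPT-ACL entries programmatically.

```python
import ipaddress

# Added example: compare a proposed summarized crypto ACL with the original.
# Only contiguous wildcard masks (0.0.0.255, 0.0.255.255, ...) are handled.

def parse_ace(line):
    """'permit ip SRC WILDCARD DST WILDCARD' -> (src_network, dst_network)."""
    _, _, src, src_wc, dst, dst_wc = line.split()
    # ipaddress accepts a hostmask (IOS wildcard) in place of a prefix length
    return (ipaddress.ip_network(f"{src}/{src_wc}"),
            ipaddress.ip_network(f"{dst}/{dst_wc}"))

def parse_acl(text):
    return [parse_ace(l) for l in text.strip().splitlines() if l.strip()]

def covers(ace, other):
    """True if every flow matched by `other` is also matched by `ace`."""
    return other[0].subnet_of(ace[0]) and other[1].subnet_of(ace[1])

def not_covered(original, summary):
    """Original entries whose traffic the summary would silently stop encrypting."""
    return [o for o in original if not any(covers(s, o) for s in summary)]

def first_match(acl, src, dst):
    """First ACE matching a src->dst flow, or None (mirrors first-match ACL logic)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for ace in acl:
        if src in ace[0] and dst in ace[1]:
            return ace
    return None

# Reconstruction of the question's ENCRYPT-ACL: the same 33 entries, generated.
HUB = ["192.168.3.0", "192.168.30.0"]
SPOKES = ["192.168.2.0", "192.168.200.0"] + [
    f"192.168.{n}.0" for n in (4, 40, 5, 50, 6, 60, 7, 70, 8, 80, 9, 90, 11, 110)]
ORIGINAL = parse_acl("\n".join(
    [f"permit ip {s} 0.0.0.255 {h} 0.0.0.255" for s in SPOKES for h in HUB]
    + ["permit ip 10.255.255.0 0.0.0.255 192.168.3.0 0.0.0.255"]))

# The proposed two-line summary from the question.
SUMMARY = parse_acl("""
permit ip 192.168.0.0 0.0.255.255 192.168.3.0 0.0.0.255
permit ip 192.168.0.0 0.0.255.255 192.168.30.0 0.0.0.255
""")

if __name__ == "__main__":
    for src, dst in not_covered(ORIGINAL, SUMMARY):
        print("no longer selected by summary:", src, "->", dst)
    # Hub-to-hub flow: never in the original, but selected by the /16 summary.
    print(first_match(ORIGINAL, "192.168.30.10", "192.168.3.10"),
          first_match(SUMMARY, "192.168.30.10", "192.168.3.10"))
```

The run shows that the 10.255.255.0/24 entry is not covered by the summary at all, while the summary newly selects traffic between the two hub subnets (and from any other 192.168.x.0 network), which is the overlap to watch for.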

1 Reply

Hi,

To avoid any overlapping, it would be better to create an object-group with 192.168.3.0 and 192.168.30.0, and then reference the object-group in your ACL.

This will greatly reduce the ACL.

Federico.
