04-29-2010 06:49 PM
Hi,
For a PIX 515E 6.3(5)
I have the following ACLs:
Crypto ACL List
access-list ipsectraffic permit ip host 192.168.7.221 object-group pdvcorp-backup3-to-db1-datacenter
access-list ipsectraffic permit ip host 192.168.7.222 object-group pdvcorp-backup3-to-db1-datacenter
access-list ipsectraffic permit ip object-group corphosts-datacenter 192.168.10.0 255.255.255.0
access-list ipsectraffic permit ip object-group productionhosts-datacenter object-group access-productionhosts-datacenter
In the above Crypto ACL list, hosts 192.168.7.221 and 192.168.7.222 are both also part of the object group 'productionhosts-datacenter' referenced in the same ACL list. What are the implications of having the same hosts referenced in the Crypto ACL, if any?
No NAT Access List
access-list nonat permit ip 192.168.7.0 255.255.255.0 192.168.10.0 255.255.255.0
In relation to the Crypto ACLs above, is there an issue (security-wise or other) with opening the complete subnet with a NoNAT ACL to save on having to nail down each host?
Thanks,
Dan
04-29-2010 08:48 PM
It doesn't matter, you can use the same source with multiple destinations. No issues either with the nonat.
04-30-2010 10:58 AM
As droeun141 said, you should be fine
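Added example, not part of the thread: a Python check that expands the two ACLs from the question and reports, per flow, which `ipsectraffic` lines match and whether the flow is exempted from NAT by `nonat` without appearing in the crypto ACL. The object-group members are constructed sample values (only the .221/.222 membership is stated in the post), and the function names are hypothetical.

```python
import ipaddress as ip

# Object-group members are NOT on the page: constructed sample values. Only
# .221/.222 being in productionhosts-datacenter comes from the post.
GROUPS = {
    "productionhosts-datacenter": ["192.168.7.221/32", "192.168.7.222/32", "192.168.7.230/32"],
    "corphosts-datacenter": ["192.168.7.10/32"],
    "pdvcorp-backup3-to-db1-datacenter": ["192.168.10.50/32"],
    "access-productionhosts-datacenter": ["192.168.10.0/25"],
}
CONFIG = """\
access-list ipsectraffic permit ip host 192.168.7.221 object-group pdvcorp-backup3-to-db1-datacenter
access-list ipsectraffic permit ip host 192.168.7.222 object-group pdvcorp-backup3-to-db1-datacenter
access-list ipsectraffic permit ip object-group corphosts-datacenter 192.168.10.0 255.255.255.0
access-list ipsectraffic permit ip object-group productionhosts-datacenter object-group access-productionhosts-datacenter
access-list nonat permit ip 192.168.7.0 255.255.255.0 192.168.10.0 255.255.255.0
"""

def take(tok):
    """Consume one address spec: host A | object-group G | NET MASK."""
    if tok[0] == "host":
        return [ip.ip_network(tok[1])], tok[2:]
    if tok[0] == "object-group":
        return [ip.ip_network(n) for n in GROUPS[tok[1]]], tok[2:]
    return [ip.ip_network(f"{tok[0]}/{tok[1]}")], tok[2:]

def parse(config):
    """Return {acl_name: [(line_no, src_net, dst_net), ...]} with groups expanded."""
    acls = {}
    for tok in map(str.split, config.splitlines()):
        if tok[:1] == ["access-list"] and tok[2:4] == ["permit", "ip"]:
            srcs, rest = take(tok[4:])
            entries = acls.setdefault(tok[1], [])
            n = 1 + len({e[0] for e in entries})  # 1-based line number within this ACL
            entries += [(n, s, d) for s in srcs for d in take(rest)[0]]
    return acls

def hits(acl, src, dst):
    """Line numbers (within one ACL) whose permit matches src -> dst."""
    s, d = ip.ip_address(src), ip.ip_address(dst)
    return sorted({n for n, sn, dn in acl if s in sn and d in dn})

def audit(config, flows):
    """Per flow: (crypto ACL lines hit, NAT-exempt but absent from crypto ACL)."""
    a = parse(config)
    out = {}
    for f in flows:
        c = hits(a["ipsectraffic"], *f)
        out[f] = (c, bool(hits(a["nonat"], *f)) and not c)
    return out
```

With these sample groups, 192.168.7.221 to 192.168.10.50 matches lines 1 and 4 of `ipsectraffic`, while 192.168.7.99 to 192.168.10.200 is exempted from NAT but matches no crypto ACL line.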