I am redesigning my ACLs. I have a dumb question for the "outside_access_in" ACL. This ACL controls traffic from the outside in. Servers which are in my DMZ are on a private range and the ASA is doing a static NAT for them. As I create the ACL, should I only reference the public IP addresses since the ASA will translate them?
So in my case I created an object-group called "DMZ_WEB_SERVERS" with all of the private IP addresses of my web servers in my DMZ. The IPs are all NAT'ed to public IP addresses. On my Inside interface I am using the object-group to permit access to these DMZ web servers. On my Outside interface I can use the same object-group even though it has the private IP addresses and the ASA will automatically translate them.
We have configured the outside and inside interfaces with official IPv6 addresses and set a default route on the outside interface to our router. We have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...