We recently had a new ASA installed and configured by a contractor. I have been looking through the configs and I had a question that may have a simple explanation. Below is a sample of the config.
access-list outside-entry extended permit ip host 18.104.22.168 any
access-list outside-entry extended permit ip host 22.214.171.124 any
access-list outbound_access extended permit ip 126.96.36.199 255.255.0.0 any
access-list outbound_access extended permit ip any any
access-list outside_entry extended permit ip any any
access-list outside extended permit ip any host 188.8.131.52
access-list outside extended permit ip any host 184.108.40.206
access-group outside in interface outside
access-group outbound_access in interface inside
access-group outside_entry in interface dmz
My question relates to the outside-entry access list and the outside_entry access list. The outside-entry access list is not tied to any interface so are any rules associated with it even being adhered to? With every address in the outside-entry access list also in the outside access list, it would seem that any traffic can come straight through without even hitting my DMZ. Should the outside-entry access list actually be called the outside_entry access list? Was a mistake made with the naming? Any clarification on this would be appreciated. Having that outside-entry access list not associated with an interface is confusing me. Thank you in advance for the assistance!
Thanks for the reply Ajay. I figured out that's what those commands did. I'm just confused as to what the outside-entry access list is actually doing. It's not assigned to an inteface so I don't believe it's actually doing anything. Those commands are useless. Is that correct as far as you know? Thanks again for the help!
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...