Basically my network topology looks like the diagram illustrated.
a. Outside interface facing the public internet.
b. Inside interface: physically connected to the core switch; logically this interface will have sub-interfaces for different zones. The CSC module is physically connected to the core switch, which falls into vlan200 (management).
- The switch will do inter-VLAN routing. One email server resides in vlan100 (server) (10.10.100.25 --> 220.127.116.11), which needs NAT.
I try to use object and object-group to categorize them (shown in diagram).
My question is:
1. So do I need to explicitly create the ACL for outside remote access? Is this the correct way for my ACL? Example: access-list mgnt_zone_access_in extended permit ip any any
2. So can I apply either object or object-group on the ACL or NAT?
3. Besides the email server, which I know is gonna have static NAT, should I do any NAT for the network? (Well, your suggestions are welcome; what if you met this kind of topology, what would you do?)
4. What does it mean for this NAT+ACL hybrid? Example: access-list mgtn_zone_nat0_outbound extended permit ip 10.10.200.0 255.255.255.0 10.10.10.0 255.255.255.0
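As an added illustration (not the poster's configuration), here is how the pieces in the question could be written in object-based ASA syntax (8.3 and later): the static NAT for the mail server, object-groups referenced from ACLs, and the identity rule that replaces the old "nat 0 access-list" exemption. The object names, the nameif "mgmt" for the vlan200 sub-interface, and treating 10.10.10.0/24 as a remote network reached through the outside interface are assumptions.

```cisco
! Added example, not the original post's config. Assumes ASA 8.3+ object NAT syntax.
! Mail server in vlan100 with its static one-to-one NAT to the public address.
object network MAIL_SERVER
 host 10.10.100.25
 nat (inside,outside) static 220.127.116.11
!
! Zone networks as objects so ACL and NAT rules reference names, not raw prefixes.
object network MGMT_ZONE
 subnet 10.10.200.0 255.255.255.0
object network REMOTE_NET
 subnet 10.10.10.0 255.255.255.0
object-group network INSIDE_ZONES
 network-object object MGMT_ZONE
 network-object 10.10.100.0 255.255.255.0
!
! Outside ACL: only the published service reaches the mail server (from 8.3 on the
! ACL matches the real address, not the NATted one); everything else is denied and logged.
access-list outside_access_in extended permit tcp any object MAIL_SERVER eq smtp
access-list outside_access_in extended deny ip any any log
access-group outside_access_in in interface outside
!
! Management zone ACL: "permit ip any any" (as in the question) lets every host in the
! zone reach everything; scoping source and destination to objects is the tighter form.
access-list mgmt_zone_access_in extended permit ip object MGMT_ZONE object REMOTE_NET
access-list mgmt_zone_access_in extended deny ip any any log
access-group mgmt_zone_access_in in interface mgmt
!
! Identity (no-translation) rule: the 8.3+ equivalent of the pre-8.3
! "nat (inside) 0 access-list ..." exemption matched by the nat0_outbound ACL.
! Traffic between the mgmt zone and 10.10.10.0/24 keeps its real addresses.
nat (mgmt,outside) source static MGMT_ZONE MGMT_ZONE destination static REMOTE_NET REMOTE_NET
!
! Dynamic PAT to the outside address for the remaining inside networks.
nat (inside,outside) after-auto source dynamic INSIDE_ZONES interface
```

Check the result with "show nat detail" and "packet-tracer input inside tcp 10.10.200.10 1025 10.10.10.5 22" to confirm the identity rule, not the PAT rule, is hit for zone-to-remote traffic.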
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...