Over the years, across multiple vendors and projects, considerable junk has accumulated in our ASA access rules, static routes, NAT entries and VPN tunnels. As usual, be it a contractor or staff, everyone is keen on adding statements but not cleaning up!
Now I have the wonderful task of removing obsolete IPs, NAT, access and VPN entries.
I used SolarWinds FSM to run an analysis, but the results only harped, in an alarming manner, on the number of any-to-any entries. I was surprised myself, but they appear to be the last statements in a section, acting as a catch-all. Cisco ASA configs do not specify best practices to restrict "any to any" use. I am prudent enough not to remove anything without research, and a safe step would be to disable and see what happens?!
Any other less dramatic suggestions to test removal? (Sample attached)
All suggestions much appreciated.