1 Reply Latest reply on Jul 31, 2017 2:03 PM by mattb

    ACL wizard cleanup

    mattb New Member

      I'm curious about something...   When you use the Firewall Wizard on the web interface to set it up, the run config looks something like this:

      ip access-list extended wizard-pfwd-1
        remark Port 80 to doxer
        permit tcp any host 150.150.150.150 eq www log
      !
      ip access-list extended wizard-pfwd-2
        remark Port webmin to doxer
        permit tcp any host 150.150.150.150 eq 10101 log
      !
      ip access-list extended wizard-pfwd-3
        remark Port ssh to doxer
        permit tcp any host 150.150.150.150 eq 2220 log
      !
      ip access-list extended wizard-pfwd-4
        remark VNC to doxer
        permit tcp any host 150.150.150.150 eq 5900 log
      !
      ip policy-class Public
        nat destination list wizard-pfwd-1 address 10.0.1.20
        nat destination list wizard-pfwd-2 address 10.0.1.20
        nat destination list wizard-pfwd-3 address 10.0.1.20
        nat destination list wizard-pfwd-4 address 10.0.1.20

      I'm wondering if this would do the same thing:

      ip access-list extended doxer-1
        remark all to doxer
        permit tcp any host 150.150.150.150 eq www log
        permit tcp any host 150.150.150.150 eq 10101 log
        permit tcp any host 150.150.150.150 eq 2220 log
        permit tcp any host 150.150.150.150 eq 5900 log
      !
      ip policy-class Public
        nat destination list doxer-1 address 10.0.1.20
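The consolidated form written out as a complete replacement, with the checks I would run before trusting it. This is an added example and not part of mattb's post or of ADTRAN's wizard output; the list name, public host, ports and inside address are the ones from the post, and the `show` commands are the AOS commands I rely on for this, to be confirmed against the command reference for your firmware release.

```text
! Added example: one list replaces wizard-pfwd-1 through wizard-pfwd-4.
! Each permit keeps "log", so the per-connection log entries the wizard
! produced are unchanged; only the number of lists and policy-class
! entries shrinks. Entries are evaluated top-down, first match wins, and
! every entry maps to the same inside host, so the translation result is
! the same as with four separate lists.
ip access-list extended doxer-1
  remark all to doxer
  permit tcp any host 150.150.150.150 eq www log
  permit tcp any host 150.150.150.150 eq 10101 log
  permit tcp any host 150.150.150.150 eq 2220 log
  permit tcp any host 150.150.150.150 eq 5900 log
!
ip policy-class Public
  nat destination list doxer-1 address 10.0.1.20
!
! Verification after the change (run from enable mode):
!   show ip access-lists doxer-1   - per-entry match counters; connect to
!                                    each of the four ports from outside and
!                                    confirm the matching permit line increments
!   show ip policy-sessions        - active translated sessions; expect
!                                    150.150.150.150:<port> -> 10.0.1.20:<port>
!   show ip policy-class Public    - the policy-class as loaded, with the
!                                    single nat destination entry
```

Two things worth doing while you are in there: first, make sure the four old `nat destination` lines are actually gone from `Public` (a leftover `wizard-pfwd-*` reference to a deleted list is easy to miss), and second, every entry still uses `any` as the source, so SSH, webmin and VNC on the inside host are reachable from every Public-side address. If the hosts that need those ports are known, narrow `any` to their addresses or networks; consolidating the list is a good time to do it.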