Adtran
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
mattb
New Contributor
‎07-28-2017 02:32 PM

ACL wizard cleanup

I'm curious of something...   When you use the Firewall Wizard on the web interface to set it up, the run config looks something like this:

ip access-list extended wizard-pfwd-1

  remark Port 80 to doxer

  permit tcp any  host 150.150.150.150 eq www   log

!

ip access-list extended wizard-pfwd-2

  remark Port webmin to doxer

  permit tcp any  host 150.150.150.150 eq 10101   log

!

ip access-list extended wizard-pfwd-3

  remark Port ssh to doxer

  permit tcp any  host 150.150.150.150 eq 2220   log

!

ip access-list extended wizard-pfwd-4

  remark VNC to doxer

  permit tcp any  host 150.150.150.150 eq 5900   log

!

ip policy-class Public

  nat destination list wizard-pfwd-1 address 10.0.1.20

  nat destination list wizard-pfwd-2 address 10.0.1.20

  nat destination list wizard-pfwd-3 address 10.0.1.20

  nat destination list wizard-pfwd-4 address 10.0.1.20

I'm wondering if this would do the same thing:

ip access-list extended doxer-1

  remark all to doxer

  permit tcp any  host 150.150.150.150 eq www    log

  permit tcp any  host 150.150.150.150 eq 10101   log

  permit tcp any  host 150.150.150.150 eq 2220     log

  permit tcp any  host 150.150.150.150 eq 5900   log

ip policy-class Public

  nat destination list doxer-1 address 10.0.1.20

Labels (1)
Labels
0 Kudos
Reply
1 Reply
mattb
New Contributor
‎07-31-2017 04:03 PM

Re: ACL wizard cleanup

Well, I tried it and it doesn't seem to work.   Seems for every NAT destination, there has to be a separate ACL.   Bummer.   Sure clean up the config if you could.

0 Kudos
Accept as Solution Reply