mattb
New Contributor

ACL wizard cleanup

I'm curious about something...   When you use the Firewall Wizard on the web interface to set it up, the running config looks something like this:

ip access-list extended wizard-pfwd-1
  remark Port 80 to doxer
  permit tcp any host 150.150.150.150 eq www log
!
ip access-list extended wizard-pfwd-2
  remark Port webmin to doxer
  permit tcp any host 150.150.150.150 eq 10101 log
!
ip access-list extended wizard-pfwd-3
  remark Port ssh to doxer
  permit tcp any host 150.150.150.150 eq 2220 log
!
ip access-list extended wizard-pfwd-4
  remark VNC to doxer
  permit tcp any host 150.150.150.150 eq 5900 log
!
ip policy-class Public
  nat destination list wizard-pfwd-1 address 10.0.1.20
  nat destination list wizard-pfwd-2 address 10.0.1.20
  nat destination list wizard-pfwd-3 address 10.0.1.20
  nat destination list wizard-pfwd-4 address 10.0.1.20

I'm wondering if this would do the same thing:

ip access-list extended doxer-1
  remark all to doxer
  permit tcp any host 150.150.150.150 eq www log
  permit tcp any host 150.150.150.150 eq 10101 log
  permit tcp any host 150.150.150.150 eq 2220 log
  permit tcp any host 150.150.150.150 eq 5900 log
!
ip policy-class Public
  nat destination list doxer-1 address 10.0.1.20

1 Reply
mattb
New Contributor

Re: ACL wizard cleanup

Well, I tried it and it doesn't seem to work.   It seems that for every NAT destination there has to be a separate ACL.   Bummer.   It sure would clean up the config if you could.
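Added example, not from the thread or from the vendor: a small Python lint/generator for this exact stanza layout. It parses only the `ip access-list extended`, `ip policy-class` and `nat destination list ... address ...` lines shown above, flags any NAT destination whose ACL is undefined, empty, or carries more than one entry (the "one ACL per NAT destination" behaviour is the poster's observation, not something verified here against documentation), and emits the wizard-style one-ACL-per-port layout so the hand-written config stays consistent. The `source` parameter is an assumption for illustration: every permit in the thread uses `any`, which leaves VNC, webmin and the alternate ssh port reachable from any address, so the generator lets you narrow that to a host or network spec when the service does not need to be world-reachable.

```python
import re

# Constructed sample: the poster's collapsed single-ACL version from the thread.
COMBINED_CONFIG = """
ip access-list extended doxer-1
  remark all to doxer
  permit tcp any host 150.150.150.150 eq www log
  permit tcp any host 150.150.150.150 eq 10101 log
  permit tcp any host 150.150.150.150 eq 2220 log
  permit tcp any host 150.150.150.150 eq 5900 log
!
ip policy-class Public
  nat destination list doxer-1 address 10.0.1.20
"""

ACL_RE = re.compile(r"^ip access-list extended (\S+)$")
POLICY_RE = re.compile(r"^ip policy-class (\S+)$")
NAT_RE = re.compile(r"^nat destination list (\S+) address (\S+)$")


def parse_config(config):
    """Return (acls, nat_refs).

    acls maps ACL name -> list of permit/deny lines (whitespace-normalised).
    nat_refs is a list of (policy_class, acl_name, inside_address) tuples,
    in the order the 'nat destination list' lines appear.
    Only the line shapes used in the thread are recognised (assumption).
    """
    acls, nat_refs = {}, []
    acl = policy = None
    for raw in config.splitlines():
        line = " ".join(raw.split())  # collapse the wizard's odd spacing
        if not line or line == "!":
            continue
        if m := ACL_RE.match(line):
            acl, policy = m.group(1), None
            acls.setdefault(acl, [])
        elif m := POLICY_RE.match(line):
            acl, policy = None, m.group(1)
        elif acl and line.startswith(("permit ", "deny ")):
            acls[acl].append(line)
        elif policy and (m := NAT_RE.match(line)):
            nat_refs.append((policy, m.group(1), m.group(2)))
    return acls, nat_refs


def check_nat_acls(config):
    """Return a list of findings for NAT destinations whose ACL is missing,
    empty, or has more than one entry (the poster found a multi-entry ACL
    does not work behind 'nat destination list')."""
    acls, nat_refs = parse_config(config)
    findings = []
    for policy, name, _addr in nat_refs:
        entries = acls.get(name)
        if entries is None:
            findings.append(f"{policy}: nat destination list {name} references an undefined ACL")
        elif not entries:
            findings.append(f"{policy}: ACL {name} has no entries, nothing will match")
        elif len(entries) > 1:
            findings.append(f"{policy}: ACL {name} has {len(entries)} entries; "
                            "split into one ACL per NAT destination")
    return findings


def generate_forwards(policy, public_ip, inside_ip, forwards, source="any"):
    """Emit the wizard layout: one ACL per forwarded port plus the
    policy-class NAT lines. `forwards` is a list of (remark, port);
    `source` is the ACL source spec ('any', 'host 203.0.113.5', ...).
    ACL names 'pfwd-N' are this example's choice, not the wizard's."""
    acl_lines, nat_lines = [], [f"ip policy-class {policy}"]
    for i, (remark, port) in enumerate(forwards, 1):
        name = f"pfwd-{i}"
        acl_lines += [f"ip access-list extended {name}",
                      f"  remark {remark}",
                      f"  permit tcp {source} host {public_ip} eq {port} log",
                      "!"]
        nat_lines.append(f"  nat destination list {name} address {inside_ip}")
    return "\n".join(acl_lines + nat_lines) + "\n"


if __name__ == "__main__":
    for f in check_nat_acls(COMBINED_CONFIG):
        print("FINDING:", f)
    print(generate_forwards("Public", "150.150.150.150", "10.0.1.20",
                            [("Port 80 to doxer", "www"), ("VNC to doxer", 5900)],
                            source="host 203.0.113.5"))
```

Run it as-is to see the finding for the collapsed ACL, then paste the generated block back into the router config; re-running `check_nat_acls` on your own running config is a cheap way to catch a NAT line whose ACL was renamed or deleted.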