
Moving config to new device

dazzpowder
Level 1

Hi All,

As the subject suggests, I have been set the task of exporting a config to a new device. The new device will have the outside interface assigned by the service provider. The current ASA has the following in the config:

access-list non-priority-traffic extended deny ip host 10.10.10.10 host 20.20.20.20

access-list non-priority-traffic extended deny ip host 10.10.10.10 host 20.20.20.20

access-list non-priority-traffic extended deny ip host 20.20.20.20 host 10.10.10.10

access-list non-priority-traffic extended deny ip host 20.20.20.20 host 10.10.10.10

If the host 10.10.10.10 is the actual IP address of the outside interface, can I just replace it with the following - given that I won't know the dynamically assigned IP of the new ASA?

access-list non-priority-traffic extended deny ip interface outside host 20.20.20.20

access-list non-priority-traffic extended deny ip interface outside host 20.20.20.20

access-list non-priority-traffic extended deny ip host 20.20.20.20 interface outside

access-list non-priority-traffic extended deny ip host 20.20.20.20 interface outside

Many thanks

1 Reply

Yes, using the keyword "interface" is supported for that on the ASA and quite useful with dynamic addresses.

But what do you want to do with that ACL? Having the same host both as source and destination in *one* ACL is not useful in most cases.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
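
An added example, not part of the original posts and not Cisco tooling: a small Python helper for the migration discussed above. It rewrites `host <old outside IP>` to `interface outside` in extended ACL entries only and lists lines that need manual review. The function name, the `outside` nameif default and the sample `name` line are assumptions made for illustration.

```python
import re

# Constructed sample: the ACL lines from the question plus one unrelated
# line that still mentions the old outside address.
SAMPLE_CONFIG = """\
access-list non-priority-traffic extended deny ip host 10.10.10.10 host 20.20.20.20
access-list non-priority-traffic extended deny ip host 10.10.10.10 host 20.20.20.20
access-list non-priority-traffic extended deny ip host 20.20.20.20 host 10.10.10.10
access-list non-priority-traffic extended deny ip host 20.20.20.20 host 10.10.10.10
name 10.10.10.10 old-outside
"""

ACE = re.compile(r"^access-list\s+\S+\s+extended\s")


def rewrite_acl(config, old_ip, nameif="outside"):
    """Return (new_lines, review) for an exported ASA config.

    Only 'host <old_ip>' inside extended ACEs is rewritten. Everything else
    that still carries old_ip is reported, not changed, because whether the
    'interface' keyword is valid there depends on the command.
    """
    ip = re.escape(old_ip)
    # (?!\S) keeps 10.10.10.10 from matching inside 10.10.10.100
    host_ref = re.compile(r"\bhost\s+" + ip + r"(?!\S)")
    ip_ref = re.compile(r"(?<![\d.])" + ip + r"(?![\d.])")
    out, review, seen = [], [], set()
    for line in config.splitlines():
        if ACE.match(line):
            line = host_ref.sub("interface " + nameif, line)
            key = " ".join(line.split())  # normalise spacing for comparison
            if key in seen:
                review.append("duplicate ACE: " + key)
            seen.add(key)
        if ip_ref.search(line):
            review.append("old address still referenced: " + line.strip())
        out.append(line)
    return out, review


if __name__ == "__main__":
    new_lines, review = rewrite_acl(SAMPLE_CONFIG, "10.10.10.10")
    print("\n".join(new_lines))
    for item in review:
        print("REVIEW:", item)
```
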
