02-18-2019 01:38 PM - edited 02-18-2019 07:10 PM
Hi,
I want to clarify about do we have any caveats when using the source IP/Subnet in the Redirect-ACL when doing posture with ASA or Switch. I didn't find any example out there with source address.
Also, comment about the same with DACL ?
02-18-2019 02:34 PM
For the 2nd question the DACLs are applied to a session. The switch will automatically substitute in the source IP address. You shouldn't be specifying the source IP. I don't thin I have tried using source IPs in posturing rules. What is your exact use case?
02-18-2019 07:34 PM
02-18-2019 08:48 PM
How will you know what IP address client is going to get?
02-19-2019 06:11 AM
02-19-2019 06:15 AM
That's what I wanted to tell we cannot predict what IP address client will get so we cannot have IP specific DACL for posture.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide