I want to clarify about do we have any caveats when using the source IP/Subnet in the Redirect-ACL when doing posture with ASA or Switch. I didn't find any example out there with source address.
For the 2nd question the DACLs are applied to a session. The switch will automatically substitute in the source IP address. You shouldn't be specifying the source IP. I don't thin I have tried using source IPs in posturing rules. What is your exact use case?
My customer would like to specify the source address in the redirect ACL when using with ASA. I was looking for any documentation or wanted to know any caveats related to this.
What is their reason for asking this? I have many customers that ask for things that don't make sense because they don't understand how thing work. The redirect ACL and DACLs are applied to the user session level. Specifying a source IP makes no sense.
That's what I wanted to tell we cannot predict what IP address client will get so we cannot have IP specific DACL for posture.
Getting Started
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:
