02-18-2019 01:38 PM - edited 02-18-2019 07:10 PM
Hi,
I want to clarify about do we have any caveats when using the source IP/Subnet in the Redirect-ACL when doing posture with ASA or Switch. I didn't find any example out there with source address.
Also, comment about the same with DACL ?
02-18-2019 02:34 PM
For the 2nd question the DACLs are applied to a session. The switch will automatically substitute in the source IP address. You shouldn't be specifying the source IP. I don't thin I have tried using source IPs in posturing rules. What is your exact use case?
02-18-2019 07:34 PM
02-18-2019 08:48 PM
How will you know what IP address client is going to get?
02-19-2019 06:11 AM
02-19-2019 06:15 AM
That's what I wanted to tell we cannot predict what IP address client will get so we cannot have IP specific DACL for posture.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: