Hi, I meant adding the lines to those positions so that the end ACL will look like the below: access-list traffic_for_IPS extended permit ip any host 172.17.2.6access-list traffic_for_IPS extended permit ip any host 172.17.2.32access-list traffic_for...

Hi Matthew, You are correct. ASA does not need those ACLs when phone proxy is configured. Those are only required if there is another ASA in between the phone and PP-ASA.Could you please share the complete config from the ASA? Regards,Srinath

Hi Mahesh, Could you please share the output of 'show tech' from both ASAs?It would be easier to find the root cause from the outputs.Based on the logs, it does not look like the ASA is dropping the packets. Regards,Srinath

Hi, This should be achievable in 8.2 code. Here is an example.Lets say 10.0.0.1 and 0.2 are IPs from your old IP block. The new IP block contains IPs 10.0.1.1 and 1.2. You can create NAT like such: static (dmz,outside) 10.0.0.1 192.168.0.1 netmask 25...

The ACL causes all HTTP/HTTPS traffic to bypass IPS scanning. As i stated, it is just a workaround which excludes web traffic from scanning and hence improves performance.Regarding security, there would be no IPS scanning/blocking for web traffic. Th...