strange access list rules

Pantlegz

Diamond Member
Ok so now that I've got the new firewall up and running I'm looking over the old firewall security policy and there are some strange rules like

access-list inside_access_in extended permit ip host 10.100.100.50 host 10.100.100.50
The person who made and managed the firewall isn't with us anymore and this rule just doesn't make any sense to me. Can anyone see a use for having this? I'm sure I'll have more, I'll just keep a running list of odd entries I come across...
 
And is there any reason to specify tcp and then IP for the same address? I thought IP covered both tcp and udp, correct?
 
That ACL entry can be deleted.
The only time you'll see the same address(es) repeated is when you do a "punch-through" NAT across a Cisco firewall between interfaces.

Just curious...why do you say you're not afraid of hurting in your signature?
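
An added example, not part of the original thread: a small Python audit for the two patterns discussed above, an entry whose source and destination are the same host, and a tcp/udp entry that an ip entry for the same pair already covers. Apart from the rule quoted in the first post, the sample config is constructed, and the parser is a simplified assumption that handles only `host`, `any` and network/mask forms (no source-port operators or object-groups).

```python
import re

# Constructed sample; only the first rule comes from the thread.
SAMPLE = """\
access-list inside_access_in extended permit ip host 10.100.100.50 host 10.100.100.50
access-list inside_access_in extended permit tcp host 10.100.100.50 host 192.0.2.10 eq 443
access-list inside_access_in extended permit ip host 10.100.100.50 host 192.0.2.10
access-list inside_access_in extended deny tcp host 10.100.100.60 any eq 23
access-list inside_access_in extended permit ip 10.100.100.0 255.255.255.0 any
"""

# Address forms understood by this simplified parser.
ADDR = r"(host \S+|any4?|\d+\.\d+\.\d+\.\d+ \d+\.\d+\.\d+\.\d+)"
RULE = re.compile(
    rf"^access-list (\S+) extended (permit|deny) (\S+) {ADDR} {ADDR}(?: (.*))?$")


def parse(config):
    """Return one dict per line the pattern understands; other lines are skipped."""
    rules = []
    for n, line in enumerate(config.splitlines(), 1):
        m = RULE.match(line.strip())
        if m:
            acl, action, proto, src, dst, ports = m.groups()
            rules.append(dict(n=n, acl=acl, action=action, proto=proto,
                              src=src, dst=dst, ports=ports or ""))
    return rules


def audit(config):
    """Return (line_number, finding) pairs for entries worth a manual review."""
    rules = parse(config)
    # "ip" matches every IP protocol, so it already includes tcp and udp.
    ip_pairs = {(r["acl"], r["action"], r["src"], r["dst"])
                for r in rules if r["proto"] == "ip"}
    findings = []
    for r in rules:
        key = (r["acl"], r["action"], r["src"], r["dst"])
        if r["src"].startswith("host ") and r["src"] == r["dst"]:
            # Check for the NAT case mentioned in the reply before deleting.
            findings.append((r["n"], "self-referencing"))
        elif r["proto"] in ("tcp", "udp") and key in ip_pairs:
            # Same ACL, action, source and destination as an ip entry.
            findings.append((r["n"], "covered-by-ip"))
    return findings


if __name__ == "__main__":
    for line_no, finding in audit(SAMPLE):
        print(line_no, finding)
```

A tcp or udp entry is only reported when the ip entry has the same action, because with differing actions the order of the entries decides the result.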
 
I kind of figured. I didn't see any reason for them to be there; if I run into issues with our domain controller and VPN, I'll know what to change to fix it.

It's a bad translation I guess; it's supposed to say "fear no pain". I guess that's what I get for using Google translator, huh...
 
It can be translated to what you had in mind (fear no pain).
I'm just not a very good translator. (not native English speaker)
 