https://live.paloaltonetworks.com/t5/expedition-discussions/two-asa-pre-8-3-problems/m-p/232287#M559 <P>I have run into two&nbsp;ASA pre 8.3 Problems.</P> <P>1) importing a deny security rule that had a destination port of 445, was changed to be all tcp ports ( that would be a small problem =D)</P> <P>2) Importing routes pointed to the inside with a vpn on the outside that has a proxy ID (ACL with a remote destination) of the same inside route changed all of the static routes to no next hop and the tunnel interface as the dest interface. I understand the logic here, however it is flawed and should instead be a policy based forwarding rule that is based on the orginal ACLs source and dest IPs and zones.</P> Tue, 25 Sep 2018 15:03:40 GMT dega 2018-09-25T15:03:40Z https://live.paloaltonetworks.com/t5/expedition-discussions/two-asa-pre-8-3-problems/m-p/232287#M559 <P>I have run into two&nbsp;ASA pre 8.3 Problems.</P> <P>1) importing a deny security rule that had a destination port of 445, was changed to be all tcp ports ( that would be a small problem =D)</P> <P>2) Importing routes pointed to the inside with a vpn on the outside that has a proxy ID (ACL with a remote destination) of the same inside route changed all of the static routes to no next hop and the tunnel interface as the dest interface. I understand the logic here, however it is flawed and should instead be a policy based forwarding rule that is based on the orginal ACLs source and dest IPs and zones.</P> Tue, 25 Sep 2018 15:03:40 GMT https://live.paloaltonetworks.com/t5/expedition-discussions/two-asa-pre-8-3-problems/m-p/232287#M559 dega 2018-09-25T15:03:40Z