https://community.cisco.com/t5/network-security/access-list-question/m-p/1595781#M559132 <HTML><HEAD></HEAD><BODY><P>Ok, that makes sense. This line is showing as quoted when issuing show runningconfig command. This is on a pix 501, version 6.3.</P><P>Is it assinged to no interface?</P></BODY></HTML> Fri, 25 Mar 2011 19:16:46 GMT Dustin Barnett 2011-03-25T19:16:46Z https://community.cisco.com/t5/network-security/access-list-question/m-p/1595779#M559130 <P>I was going through an old PIX firewall config, and correct me if I'm wrong, but doesn't the following open the firewall to anything?</P><P></P><P>access-list acl_in permit ip any any</P> Mon, 11 Mar 2019 20:12:50 GMT https://community.cisco.com/t5/network-security/access-list-question/m-p/1595779#M559130 Dustin Barnett 2019-03-11T20:12:50Z https://community.cisco.com/t5/network-security/access-list-question/m-p/1595780#M559131 <HTML><HEAD></HEAD><BODY><P>hi,</P><P></P><P>if you apply it on an outside interface then the answer is 'yes'. it opens the firewall for anything.</P><P></P><P>Regards,</P><P>Anisha</P><P></P><P>P.S.: please mark this thread as answered if you your query is resolved.Do rate helpful posts.</P></BODY></HTML> Fri, 25 Mar 2011 17:14:32 GMT https://community.cisco.com/t5/network-security/access-list-question/m-p/1595780#M559131 andamani 2011-03-25T17:14:32Z https://community.cisco.com/t5/network-security/access-list-question/m-p/1595781#M559132 <HTML><HEAD></HEAD><BODY><P>Ok, that makes sense. This line is showing as quoted when issuing show runningconfig command. This is on a pix 501, version 6.3.</P><P>Is it assinged to no interface?</P></BODY></HTML> Fri, 25 Mar 2011 19:16:46 GMT https://community.cisco.com/t5/network-security/access-list-question/m-p/1595781#M559132 Dustin Barnett 2011-03-25T19:16:46Z https://community.cisco.com/t5/network-security/access-list-question/m-p/1595782#M559133 <HTML><HEAD></HEAD><BODY><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote"><P><A class="jive-link-email-small" href="mailto:barnettd@nulaid.com">barnettd@nulaid.com</A></P><P></P><P>Ok, that makes sense. This line is showing as quoted when issuing show runningconfig command. This is on a pix 501, version 6.3.</P><P>Is it assinged to no interface?</P></PRE><P></P><P>You need to look for an access-group command with the same access-list name eg. if your access-list was called outside_in then you need to look for a line in your config - </P><P></P><P>access-group outside_in in <INTERFACE>&nbsp;&nbsp; &lt;-- where interface is the actual interface it is applied to. </INTERFACE></P><P></P><P>It may well be applied to inside interface although traffic is allowed out by default. </P><P></P><P>Bear in mind also that simply having this line does not permit all traffic if applied to the outside interface. You also need NAT translations for traffic to be allowed but you should still remove it if it is applied to the outside and replace it with a more restrictive access-list ie. only allow in what you need to.</P><P></P><P>Jon</P></BODY></HTML> Fri, 25 Mar 2011 21:06:23 GMT https://community.cisco.com/t5/network-security/access-list-question/m-p/1595782#M559133 Jon Marshall 2011-03-25T21:06:23Z https://community.cisco.com/t5/network-security/access-list-question/m-p/1595783#M559134 <HTML><HEAD></HEAD><BODY><P>Thanks for the adivce. It looks like this access-list is applied to the inside interface.</P></BODY></HTML> Fri, 25 Mar 2011 22:55:32 GMT https://community.cisco.com/t5/network-security/access-list-question/m-p/1595783#M559134 Dustin Barnett 2011-03-25T22:55:32Z