08-24-2010 03:46 AM - edited 03-11-2019 11:29 AM
Dear Team,
Is there any tool available to check the most specfic acl for a particular IP/Network address.
For Ex:
1. Copy And Paste the acl from PIX/ASA to the tool
2. Give IP and Subnet for query
It should say which line will match for that IP/network
Regards,
Manu B.
08-24-2010 05:31 AM
No, there is no such tool that I know off. Please kindly be advised that ACL is matched from top to bottom, so even if you are matching on a more specific ACL line, if you have an ACL line above with wider range that matches first, it will match on that line first as ACL is processed from top to bottom.
08-24-2010 09:37 AM
If your firmware version supports it you can sort of do this with packet tracker via ASDM.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide