
ACL's on PIX 515 question.

abruso
Level 1

I have a question about how ACL's are applied. I already have a pretty extensive ACL applied to the in interface outside. It seems that when I apply a newly created ACL (with a different identifier number) and then remove it, the original extensive ACL gets removed from the interface as well. Is this normal behavior for the PIX? Maybe I am doing something wrong? Thanks.

2 Replies

scoclayton
Level 7

Hi,

I am not 100% sure exactly what you mean, but one thing to remember is that only one ACL is applied per interface. Meaning, if you already have an access-list applied to your outside interface (for instance: access-group 101 in interface outside) and you create a new access-list (with a different identifier) and apply it to the outside interface (for instance: access-group 102 in interface outside), the previous entry is overwritten by access-list 102. So, I am speculating that 'access-list 101 in interface outside' is actually removed when you enter in 'access-list 102 in interface outside' rather than when you remove the command. The actual access-list 101 should still persist in the config (i.e. access-list 101 permit tcp any host 1.1.1.1 eq www, etc...). If I am reading this wrong, please let me know. Hope this helps.

Scott
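The sequence discussed in this reply, replayed as an added example (not part of the original thread, and not Cisco code). It models the one-ACL-per-interface behavior as the reply describes it and flags an interface left with no ACL bound, plus ACLs still defined but no longer applied. The function names, the command history and the rule that `no access-group` only clears a matching binding are assumptions made for illustration.

```python
import re

# Constructed command history mirroring the sequence described in the thread.
SAMPLE_COMMANDS = """\
access-list 101 permit tcp any host 1.1.1.1 eq www
access-group 101 in interface outside
access-list 102 permit tcp any host 1.1.1.1 eq smtp
access-group 102 in interface outside
no access-group 102 in interface outside
"""

ACL_RE = re.compile(r"^(no\s+)?access-list\s+(\S+)\s+(permit|deny)\b")
GROUP_RE = re.compile(r"^(no\s+)?access-group\s+(\S+)\s+in\s+interface\s+(\S+)\s*$")

def replay(commands):
    """Replay commands in order; return (bindings, defined, events)."""
    bindings = {}   # interface -> ACL id currently bound (one per interface)
    defined = {}    # ACL id -> number of permit/deny entries seen
    events = []
    for raw in commands.splitlines():
        line = raw.strip()
        m = GROUP_RE.match(line)
        if m:
            negate, acl, iface = m.groups()
            if negate:
                if bindings.get(iface) == acl:  # assumption: only a matching binding is cleared
                    del bindings[iface]
                    events.append(f"{iface}: {acl} unbound, interface now has no ACL")
            else:
                old = bindings.get(iface)
                if old and old != acl:
                    events.append(f"{iface}: {old} replaced by {acl}")
                bindings[iface] = acl  # the new binding overwrites the old one
            continue
        m = ACL_RE.match(line)
        if m and not m.group(1):
            defined[m.group(2)] = defined.get(m.group(2), 0) + 1
    return bindings, defined, events


def audit(commands, interfaces=("outside",)):
    """Return findings: interfaces with no ACL and defined-but-unbound ACLs."""
    bindings, defined, events = replay(commands)
    unbound = [i for i in interfaces if i not in bindings]
    orphaned = sorted(a for a in defined if a not in bindings.values())
    return {"events": events, "unbound_interfaces": unbound, "orphaned_acls": orphaned}


if __name__ == "__main__": print(audit(SAMPLE_COMMANDS))
```

Running it on the sample history reports that 101 was replaced at the moment 102 was applied, and that after removing 102 the outside interface has nothing bound while both access-lists remain defined.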

You answered my question perfectly.

Thanks.
