
ASA Behavior Access lists

rakeshvelagala
Level 3

Hi All,

 

From what I have learnt regarding access lists, if there is a global access list, it will be checked after the interface access list, and the "deny ip any any" will be at the end of the global access list instead of at the interface.

 

Question

When we have a global access list, will the implicit rule that permits all IP traffic from a high security level (say 100) to a low security level (say 0) be disabled?

 

Kindly advise

 

Thanks & Regards

 

 

1 Reply

If you use the global access list only, you would need to configure rules in both directions:

access-list test extended permit ip host 1.1.1.2 host 2.2.2.1
access-list test extended permit ip host 2.2.2.1 host 1.1.1.2

access-group test global

So yes, the security levels will be disabled.

--

Please remember to select a correct answer and rate helpful posts
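
A small Python model of the evaluation order discussed in this thread (interface access list, then global access list, then the implicit deny), added here as an example; it is not part of either post and is not Cisco code. It assumes 1.1.1.2 sits behind a level-100 interface and 2.2.2.1 behind a level-0 interface, models only the decision for a new inbound connection (no stateful return traffic), and the function names are hypothetical.

```python
from ipaddress import ip_address, ip_network

def rule(action, src, dst):
    """One extended 'ip' ACL entry: (action, source network, destination network)."""
    return (action, ip_network(src), ip_network(dst))

def first_match(acl, src, dst):
    """Return the action of the first entry matching the packet, or None."""
    for action, s, d in acl or []:
        if ip_address(src) in s and ip_address(dst) in d:
            return action
    return None

def evaluate(src, dst, in_level, out_level, interface_acl=None, global_acl=None):
    """Decide a NEW connection arriving inbound; None means 'no ACL applied'."""
    hit = first_match(interface_acl, src, dst)
    if hit:
        return hit, "interface ACL"
    hit = first_match(global_acl, src, dst)
    if hit:
        return hit, "global ACL"
    if interface_acl is not None or global_acl is not None:
        return "deny", "implicit deny"
    # No access rules at all: security levels decide.
    verdict = "permit" if in_level > out_level else "deny"
    return verdict, "security-level default"

# The global ACL "test" from the reply above.
GLOBAL_TEST = [
    rule("permit", "1.1.1.2/32", "2.2.2.1/32"),
    rule("permit", "2.2.2.1/32", "1.1.1.2/32"),
]

if __name__ == "__main__":
    # Constructed cases; 1.1.1.9 is a made-up neighbour of 1.1.1.2.
    block_host = [rule("deny", "1.1.1.2/32", "0.0.0.0/0")]
    cases = [
        ("no ACLs, 100 -> 0", ("1.1.1.9", "2.2.2.1", 100, 0), {}),
        ("global only, unlisted host", ("1.1.1.9", "2.2.2.1", 100, 0), {"global_acl": GLOBAL_TEST}),
        ("global only, listed host", ("1.1.1.2", "2.2.2.1", 100, 0), {"global_acl": GLOBAL_TEST}),
        ("global only, 0 -> 100", ("2.2.2.1", "1.1.1.2", 0, 100), {"global_acl": GLOBAL_TEST}),
        ("interface deny + global", ("1.1.1.2", "2.2.2.1", 100, 0),
         {"interface_acl": block_host, "global_acl": GLOBAL_TEST}),
    ]
    for name, args, acls in cases:
        print(f"{name:28} -> {evaluate(*args, **acls)}")
```

On a real ASA, the same cases can be checked with `packet-tracer` against the running configuration.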
