07-07-2011 11:46 AM - edited 03-11-2019 01:56 PM
Hi all,
I have a doubt about the ASA implicit deny concept. If we add a new ACE (without a line number) to an existing access-list, where will it be stored? Will it be added after the implicit deny rule, or will it send the implicit deny rule one step down? Kindly clarify this doubt.
Thanks in advance.
07-07-2011 12:02 PM
Hi Bala,
Whenever you add a new ACL without specifying the line number, it would always be added at the bottom of the access-list entries; the implicit deny ACL would be pushed down to the last. So, for example, if you have 25 lines in the ACL and you add a new ACE, that ACE would be added on line 26 and the implicit deny would be after line 26. To verify, use the command:
show access-list
This would give you all the access-list line numbers.
Hope this helps.
Thanks,
Varun
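A toy model of the ordering described in the answer above, added here as an example; it is not part of the original thread and is not Cisco code. The `Acl` class, its methods and the documentation-range addresses are constructed for illustration, and it goes one step beyond the answer by also showing an explicit deny-all entry, which (unlike the implicit deny) does shadow anything appended after it.

```python
import ipaddress

ANY = "0.0.0.0/0"
WEB = "192.0.2.10/32"          # constructed sample host (documentation range)
CLIENT = "198.51.100.7"        # constructed sample source

class Acl:
    """Ordered, first-match ACL. Hypothetical model, not a device API."""
    def __init__(self):
        self.aces = []  # explicit entries only; the implicit deny is never stored

    def add(self, action, src, dst, port=None, line=None):
        ace = (action, ipaddress.ip_network(src), ipaddress.ip_network(dst), port)
        if line is None:
            self.aces.append(ace)            # no line number: goes to the bottom
        else:
            self.aces.insert(line - 1, ace)  # "line N": entries from N down shift

    def evaluate(self, src, dst, port):
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        for n, (action, snet, dnet, p) in enumerate(self.aces, start=1):
            if s in snet and d in dnet and p in (None, port):
                return action, n             # first match wins
        return "deny", None                  # implicit deny: nothing matched

def demo():
    acl = Acl()
    acl.add("permit", ANY, WEB, 443)                      # line 1
    before = acl.evaluate(CLIENT, "192.0.2.10", 22)       # falls to implicit deny
    acl.add("permit", ANY, WEB, 22)                       # appended as line 2
    after = acl.evaluate(CLIENT, "192.0.2.10", 22)        # now matches line 2

    acl.add("deny", ANY, ANY)                             # explicit deny, line 3
    acl.add("permit", ANY, WEB, 25)                       # appended as line 4
    shadowed = acl.evaluate(CLIENT, "192.0.2.10", 25)     # hits explicit deny first

    acl.aces.pop()                                        # remove the shadowed ACE
    acl.add("permit", ANY, WEB, 25, line=3)               # re-add above the deny
    fixed = acl.evaluate(CLIENT, "192.0.2.10", 25)
    return before, after, shadowed, fixed

if __name__ == "__main__":
    for label, result in zip(("before", "after", "shadowed", "fixed"), demo()):
        print(label, result)
```
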
07-07-2011 12:15 PM
Thanks Varun. Is this only for ASA, or will it be applicable to Cisco routers also?
07-07-2011 12:22 PM
It is the same concept on Cisco routers as well; the ACL would be added at the last and would have an implicit deny after that.
Hope I was able to solve your query.
Varun
07-07-2011 12:31 PM
Thanks Varun, thanks a lot...
07-07-2011 12:34 PM
No problem, please mark this thread as answered if your queries are resolved.
Varun