
ASA implicit Deny

Hi all,

I have a doubt about the ASA implicit deny concept. If we add a new ACE (without a line number) to the existing access-list, where will it be stored? Will it be added after the implicit deny rule, or will it send the implicit deny rule one step down? Kindly clarify this doubt.

Thanks in advance.

Accepted Solutions
varrao
Advocate

Hi Bala,

Whenever you add a new ACL without specifying the line number, it would always be added at the bottom of the access-list entries; the implicit deny ACL would be pushed down to the last. So, for example, if you have 25 lines in the ACL and you add a new ACE, that ACE would be added on line 26 and the implicit deny would be after line 26. To verify, use the command:

show access-list

This would give you all the access-list line numbers.

Hope this helps.

Thanks,

Varun

Thanks,
Varun Rao
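
The append behaviour described in the answer above matters most when the ACL already ends in an explicit deny. The following ASA configuration is an added example, not part of the original posts; the ACL name OUTSIDE_IN and the 192.0.2.x addresses are constructed placeholders.

```cisco
! Constructed example: ACL name and addresses (RFC 5737) are placeholders.
! Existing ACL with two ACEs. The implicit deny is not a configured line;
! it always applies after the last ACE in the list.
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
access-list OUTSIDE_IN extended deny ip any any

! No "line" keyword: the ACE is appended as line 3, after the explicit
! deny on line 2. Evaluation is first-match, so this permit is never reached.
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.20 eq 25

! Remove it and re-add it at an explicit position so it is evaluated
! before the deny; the deny shifts down from line 2 to line 3.
no access-list OUTSIDE_IN extended permit tcp any host 192.0.2.20 eq 25
access-list OUTSIDE_IN line 2 extended permit tcp any host 192.0.2.20 eq 25

! Confirm the resulting line order and check the hit counters.
show access-list OUTSIDE_IN
```

An appended ACE whose hit count stays at zero while the deny above it keeps incrementing is the usual sign that it was added below a broader rule.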

Thanks Varun, is this only for ASA, or will it be applicable to Cisco routers also?

It is the same concept on Cisco routers as well; the ACL would be added at the last and would have an implicit deny after that.

Hope I was able to solve your query.

Varun

Thanks,
Varun Rao

Thanks Varun, thanks a lot...

No problem, please mark this thread as answered if your queries are resolved.

Varun

Thanks,
Varun Rao