cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
6087
Views
0
Helpful
5
Replies

ASA implicit Deny

Hi all,

i have doubt in ASA implcit deny concept. if we add new ACE ( without line number ) in in the existing acces-list where it will be stored. will it be added after implicit deny rule or it will send the implicit deny rule one step down? kindly clarify this doubt.

Thanks in advance.

1 Accepted Solution

Accepted Solutions

varrao
Level 10
Level 10

Hi Bala,

Whenever you add a new ACL withoout specifyong the line number, it would always be added at the bottom onf the access-list entries, the implicit deny ACL would be pushed down at the last, so for eg you have 25 lines in the ACL, and you add a new ACE, that ACE would be added on line 26 and implicit deny would be after the line 26. To verify, use the command:

show access-list

this would give you all the access-list line numbers.

Hope this helps.

Thanks,

Varun

Thanks,
Varun Rao

View solution in original post

5 Replies 5

varrao
Level 10
Level 10

Hi Bala,

Whenever you add a new ACL withoout specifyong the line number, it would always be added at the bottom onf the access-list entries, the implicit deny ACL would be pushed down at the last, so for eg you have 25 lines in the ACL, and you add a new ACE, that ACE would be added on line 26 and implicit deny would be after the line 26. To verify, use the command:

show access-list

this would give you all the access-list line numbers.

Hope this helps.

Thanks,

Varun

Thanks,
Varun Rao

thanks varun, this is only for ASA or it will be applicable for cisco routers also???

It is the same concept on cisco router as well, the acl would be added in the last and would have an implicit deny after that.

Hope I was able tos olve your query.

Varun

Thanks,
Varun Rao

thanks varun thanks a lot...

No problem , plesae mark this thread as answered, if your queries are resolved.

Varun

Thanks,
Varun Rao
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: