12-22-2022 04:36 PM
Hi.
ACE...
access-list ENTERPRISE_DMZ_IN extended permit ip host 172.16.1.1 host 172.16.1.5 inactive
At end of this ACL, what does the command "inactive" do?
Thank you!
Solved! Go to Solution.
12-23-2022 01:13 AM
I run small lab
the R2 connect to OUT (0 level )
the R1 connect to IN (100 level)
you can see access-list with inactive disable the ACL and R2 can not ping R1 inside.
immediate after I remove inactive the R2 can ping R1.
12-22-2022 04:54 PM - edited 12-22-2022 04:54 PM
meaning you add it and it inactive,
usually this keyword is add if you have new FW and you need to complete the config then active the ACL.
12-23-2022 01:13 AM
I run small lab
the R2 connect to OUT (0 level )
the R1 connect to IN (100 level)
you can see access-list with inactive disable the ACL and R2 can not ping R1 inside.
immediate after I remove inactive the R2 can ping R1.
12-22-2022 07:33 PM
i guess you are talking about config of ASA. this happens when you deactivate the ACL via ASDM or CLI. even that available in config, it will not actively do anything in operations.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide