01-21-2010 05:44 AM - edited 03-11-2019 09:59 AM
Last my colleague asked me what is the default ACL when you put access-group on an interface.
When looking on cisco.com I found:
If the specified access list does not exist, all packets are passed.
http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_i1g.html#wp1078845
But this is for routers, how is this for ASA firewalls?
Can anyone help us?
01-26-2010 06:10 PM
The ASA will not let you apply an ACL that is not configured. It will bark:
ASA-5505(config)# access-g not-exist in interface inside
ERROR: access-list
I hope it helps.
PK
01-26-2010 08:33 PM
It depends on the security level configured for that interface.
By default traffic from high security to low security (inside to outside) WILL be allowed like in the routers without any access-group applied.
But, traffic from low to high security (outside to inside) WILL NOT be allowed without access-group applied on the interface.
-KS
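The two answers above can be checked offline against a saved configuration before it is pushed to a device. The following is an added example, not code from any poster in this thread: the function name `audit` and the sample configuration are constructed for illustration, and the parser only understands the `nameif`, `security-level`, `access-list` and `access-group ... in interface` lines shown.

```python
import re

# Constructed sample of an ASA-style configuration (not from the thread).
SAMPLE_CONFIG = """\
interface Vlan1
 nameif inside
 security-level 100
interface Vlan2
 nameif outside
 security-level 0
interface Vlan3
 nameif dmz
 security-level 50
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
access-group OUTSIDE_IN in interface outside
access-group DMZ_IN in interface dmz
"""

def audit(config):
    """Return (levels, undefined, implicit) for an ASA-style config text."""
    levels, acls, groups = {}, set(), {}
    nameif = None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            nameif = None  # new interface block, name not seen yet
        elif m := re.match(r"nameif (\S+)", line):
            nameif = m.group(1)
        elif (m := re.match(r"security-level (\d+)", line)) and nameif:
            levels[nameif] = int(m.group(1))
        elif m := re.match(r"access-list (\S+) ", line):
            acls.add(m.group(1))
        elif m := re.match(r"access-group (\S+) in interface (\S+)", line):
            groups[m.group(2)] = m.group(1)
    # access-group lines naming an ACL that has no access-list entries
    undefined = sorted((i, a) for i, a in groups.items() if a not in acls)
    # No inbound ACL: only traffic toward lower security levels is passed.
    implicit = {}
    for src, lvl in levels.items():
        if src not in groups:
            implicit[src] = sorted(d for d, l in levels.items() if l < lvl)
    return levels, undefined, implicit

if __name__ == "__main__":
    levels, undefined, implicit = audit(SAMPLE_CONFIG)
    for ifname, acl in undefined:
        print(f"{ifname}: access-group references undefined ACL {acl}")
    for ifname, dests in implicit.items():
        print(f"{ifname}: no inbound ACL, implicit permit toward {dests}")
```

On the constructed sample, the `dmz` line is the one an ASA would reject as described in the first answer, and `inside` is reported as relying on the security-level default described in the second.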
01-26-2010 11:56 PM
Hey pkampana
thx for this reply
it was exactly what we were looking for but we couldn't test it ourselves as we don't have an ASA box
@kusankar thank you for your reply but pkampana provided the answer we were looking for