01-21-2010 05:44 AM - edited 03-11-2019 09:59 AM
Last my colleague asked me what is the default ACL when you put access-group on an interface.
When looking on cisco.com I found:
If the specified access list does not exist, all packets are passed.
http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_i1g.html#wp1078845
But this is for routers, how is this for ASA firewalls?
Can anyone help us?
01-26-2010 06:10 PM
The ASA will not let you apply an ACL that is not configured. It will bark:
ASA-5505(config)# access-g not-exist in interface inside
ERROR: access-list
I hope it helps.
PK
01-26-2010 08:33 PM
It depends on the security level configured for that interface.
By default traffic from high security to low security (inside to outside) WILL be allowed like in the routers without any access-group applied.
But, traffic from low to high security (outside to inside) WILL NOT be allowed without access-group applied on the interface.
-KS
01-26-2010 11:56 PM
Hey pkampana,
thanks for this reply.
It was exactly what we were looking for, but we couldn't test it ourselves as we don't have an ASA box.
@kusankar thank you for your reply, but pkampana provided the answer we were looking for.
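The two rules given in the answers above can be checked offline against a saved configuration. This is an added example, not code from any poster or from Cisco; the sample configuration, the ACL name OUTSIDE_IN and the function names are constructed for illustration, and interfaces with equal security levels are skipped because the thread does not cover them.

```python
import re

# Constructed sample config for illustration (not from the thread).
SAMPLE = """\
interface Ethernet0/0
 nameif outside
 security-level 0
interface Ethernet0/1
 nameif inside
 security-level 100
interface Ethernet0/2
 nameif dmz
 security-level 50
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
access-group OUTSIDE_IN in interface outside
access-group not-exist in interface inside
"""

def parse(config):
    """Return (levels, bound, missing) from ASA-style configuration text."""
    levels, groups, acls, name = {}, {}, set(), None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            name = None                      # new interface block begins
        elif m := re.match(r"nameif (\S+)", line):
            name = m.group(1)
        elif (m := re.match(r"security-level (\d+)", line)) and name:
            levels[name] = int(m.group(1))
        elif m := re.match(r"access-list (\S+) ", line):
            acls.add(m.group(1))
        elif m := re.match(r"access-group (\S+) in interface (\S+)", line):
            groups[m.group(2)] = m.group(1)
    # An access-group naming an undefined ACL is the case the ASA rejects.
    missing = {i: a for i, a in groups.items() if a not in acls}
    bound = {i: a for i, a in groups.items() if a in acls}
    return levels, bound, missing

def default_flows(levels, bound):
    """Verdicts for traffic entering interfaces that have no inbound ACL."""
    flows = {}
    for src, s in levels.items():
        for dst, d in levels.items():
            if src in bound or s == d:       # ACL decides / equal levels not covered here
                continue
            flows[(src, dst)] = "permit" if s > d else "deny"
    return flows

if __name__ == "__main__":
    levels, bound, missing = parse(SAMPLE)
    print(missing, default_flows(levels, bound))
```

Any entry in `missing` is a line the firewall would refuse at the prompt, so a template or staged change containing one will not apply as written.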