cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
641
Views
0
Helpful
3
Replies

automatic ACL when using access-group command

BartV1982
Level 1
Level 1

Last my collegue asked me what is the default ACL when you put access-group on a interface

when looking on cisco.com I found :

If the specified access list does not exist, all packets are passed.

http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_i1g.html#wp1078845

But this is for routers, how is this for ASA firewalls?

Can anyone help us?

1 Accepted Solution

Accepted Solutions

Panos Kampanakis
Cisco Employee
Cisco Employee

The ASA will not let you apply an ACL that is not configured. It will bark

ASA-5505(config)# access-g not-exist in interface inside
ERROR: access-list does not exist

I hope it helps.

PK

View solution in original post

3 Replies 3

Panos Kampanakis
Cisco Employee
Cisco Employee

The ASA will not let you apply an ACL that is not configured. It will bark

ASA-5505(config)# access-g not-exist in interface inside
ERROR: access-list does not exist

I hope it helps.

PK

It depends on the security level configured for that interface.

By default traffic from high security to low security (inside to outside) WILL be allowed like in the routers without any access-group applied.

But, traffic from low to high security (outside to inside) WILL NOT be allowed without access-group applied on the interface.

-KS

BartV1982
Level 1
Level 1

Hey pkampana

thx for this reply

it was exactly what we were looking for but we couldn't test it our-self as we don't have an ASA box

@kusankar thank you for your reply but pkampana provided the answer we were looking for

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: