Cisco ASA ACL inspection

MBestt
Level 1

Hello,


I have a question about how a Cisco ASA inspects traffic and matches it against an ACL. Does it scan from top to bottom, or does it select the best match based on the specific traffic passing through the firewall?


Thanks,

MB

Accepted Solution

@MBestt Top to bottom, in order.

"An ACL is made up of one or more ACEs. Unless you explicitly insert an ACE at a given line, each ACE that you enter for a given ACL name is appended to the end of the ACL. The order of ACEs is important. When the ASA decides whether to forward or drop a packet, the ASA tests the packet against each ACE in the order in which the entries are listed. After a match is found, no more ACEs are checked."

https://www.cisco.com/c/en/us/td/docs/security/asa/asa920/configuration/firewall/asa-920-firewall-config/access-acls.html


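To make the first-match behaviour quoted in the answer concrete, here is an added example in Python (not from the post, and not Cisco code) that models a simplified ACL, evaluates a packet against its ACEs top to bottom with the implicit deny at the end, and flags entries that can never be hit because an earlier ACE with the opposite action already covers them. The `ACE`/`Packet` model, the `ace`/`pkt` helpers and the sample addresses are constructed assumptions; real ASA ACEs carry more fields (object groups, ICMP types, time ranges) that this model ignores.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# Constructed, simplified model of an ASA access-control entry (ACE).
@dataclass(frozen=True)
class ACE:
    action: str                  # "permit" or "deny"
    proto: str                   # "ip" (any protocol), "tcp" or "udp"
    src: ipaddress.IPv4Network   # source network; "any" becomes 0.0.0.0/0
    dst: ipaddress.IPv4Network   # destination network
    dport: Optional[int] = None  # destination port; None means any port

@dataclass(frozen=True)
class Packet:
    proto: str
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: Optional[int] = None

def _net(s: str) -> ipaddress.IPv4Network:
    """Parse CLI-like network text: 'any', 'host 10.1.1.5' or '10.0.0.0/8'."""
    if s == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if s.startswith("host "):
        return ipaddress.ip_network(s.split()[1] + "/32")
    return ipaddress.ip_network(s, strict=False)

def ace(action, proto, src, dst, dport=None) -> ACE:
    return ACE(action, proto, _net(src), _net(dst), dport)

def pkt(proto, src, dst, dport=None) -> Packet:
    return Packet(proto, ipaddress.ip_address(src), ipaddress.ip_address(dst), dport)

def matches(e: ACE, p: Packet) -> bool:
    """True when every field of the packet falls inside the ACE's fields."""
    return ((e.proto == "ip" or e.proto == p.proto)
            and p.src in e.src
            and p.dst in e.dst
            and (e.dport is None or e.dport == p.dport))

def evaluate(acl, p: Packet):
    """First-match evaluation: test ACEs in listed order and stop at the first hit.
    Returns (action, 1-based line) or ('deny', None) for the implicit deny."""
    for line, e in enumerate(acl, start=1):
        if matches(e, p):
            return e.action, line
    return "deny", None

def covers(outer: ACE, inner: ACE) -> bool:
    """True if every packet that would match `inner` already matches `outer`."""
    return ((outer.proto == "ip" or outer.proto == inner.proto)
            and inner.src.subnet_of(outer.src)
            and inner.dst.subnet_of(outer.dst)
            and (outer.dport is None or outer.dport == inner.dport))

def shadowed(acl):
    """(line, shadowing_line) pairs: ACEs unreachable because an earlier ACE
    with a different action fully covers them. Useful as an audit check."""
    found = []
    for i, e in enumerate(acl):
        for j in range(i):
            if acl[j].action != e.action and covers(acl[j], e):
                found.append((i + 1, j + 1))
                break
    return found

# Constructed ACL showing the common mistake: the broad deny was entered first,
# so the specific permit appended after it is never reached.
BAD_ORDER = [
    ace("deny", "ip", "10.0.0.0/8", "any"),
    ace("permit", "tcp", "host 10.1.1.5", "any", 443),
]
# Same ACEs with the specific permit placed at line 1 (what inserting it at a
# given line on the ASA achieves), so it is tested before the broad deny.
GOOD_ORDER = [BAD_ORDER[1], BAD_ORDER[0]]

HTTPS_FROM_HOST = pkt("tcp", "10.1.1.5", "192.0.2.10", 443)  # constructed sample

if __name__ == "__main__":
    print("bad order :", evaluate(BAD_ORDER, HTTPS_FROM_HOST))
    print("good order:", evaluate(GOOD_ORDER, HTTPS_FROM_HOST))
    print("shadowed in bad order:", shadowed(BAD_ORDER))
```

With the broad deny first, the HTTPS packet from 10.1.1.5 hits line 1 and is dropped, and `shadowed()` reports line 2 as unreachable; with the permit moved to line 1 the same packet is permitted, and a packet matching nothing falls through to the implicit deny. The `shadowed()` check is the audit a practitioner wants when an ACE that "should" match never shows hit counts.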

2 Replies


Can I ask why you are interested in the order of the ACL?

MHM
