Re: pix and access-list

zoushan · ‎05-17-2002

Hello,everyone:

I have a question : How many access-lists can apply to a pix interface? I know that a router interface can only apply one access-list to it in one direction(in or out).

rokp · ‎05-17-2002

You can only apply one access-list with access-group command to a particular interface. The access list is always applied in the "in" direction to the interface.

Router can have two IP access lists applied to the interface simultaneously - one "in" and one "out".

ROK

zoushan · ‎05-19-2002

The doc said that access-list can replace conduit command .In the pix I can use many conduit command, If I can only use one access-list ,there will be not convenience? Because if I edit one item in the access-list, I should edit the whole access-list?

rokp · ‎05-19-2002

>The doc said that access-list can replace conduit command

It can.

>In the pix I can use many conduit command, If I can only use one

>access-list ,there will be not convenience? Because if I edit one item

>in the access-list, I should edit the whole access-list?

An access-list can have many rules (especially now w/ 6.2 and Turbo ACLs).

You can delete any line from access-list, but can only append to it, so, yes,

you can have situation where you replace entire ACL with different one (the

same procedure as in IOS routers - actually, PIX's ACLs behave like IOS

named ACLs).

ROK