03-07-2013 09:13 AM - edited 03-11-2019 06:11 PM
Hey All,
Having a moment here - I see it every day: access-list SOMETHING extended permit ip ........
I use 'ip' when I intend to say 'everything' but I didn't know how the IOS actually summarized 'ip' internally.
All of the other port 'macros' (not really sure you would call them?) like www, and ftp, have direct correlations like 80, 21.. Anyway, just got me thinking. Looking forward to learning what it really means at the lower level!
Thanks in advance,
Kindest Regards,
Alan
03-07-2013 09:30 AM
Hi,
The "access-list" rule containing "permit ip" basically allows all the traffic.
This includes TCP, UDP and ICMP.
When you use either TCP or UDP, then you can permit separate ports.
- Jouni
03-07-2013 09:33 AM
Hey Jouni,
Yeah, this is how I understood it, so are you saying that at the low level it's like putting: Extended permit TCP _every port, UDP _every port, ICMP _every flag?
I know I'm overthinking this, but curiosity did kill the cat!! Perhaps I should just leave my understanding at 'ip' means 'everything'.
Thanks!
Kindest Regards,
ALAN
03-07-2013 09:45 AM
Hi,
Yes, it should pretty much allow everything through the firewall.
Most common are the mentioned TCP (every port), UDP (every port) and ICMP.
Naturally, some traffic might be controlled by the ASA differently and a simple ACL might not do the trick. Might have to, for example, enable or disable inspections on the ASA.
- Jouni
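The difference between a port-specific rule and `permit ip`, as an added example that is not part of the original thread and not ASA code: a simplified Python model in which the `ip` keyword is a wildcard over the IP protocol number, so it also matches protocols beyond the three named above (GRE, protocol 47, is used here). The helper names `parse_ace`, `evaluate` and `pkt`, the ACL name `DEMO` and the addresses are assumptions made for illustration.

```python
# Simplified model of extended-ACL matching (added example, not ASA code).
# Protocol keywords map to IANA IP protocol numbers; "ip" is a wildcard.
PROTO = {"ip": None, "icmp": 1, "tcp": 6, "udp": 17}
PORTS = {"www": 80, "ftp": 21}  # port keywords mentioned in the thread

def parse_ace(line):
    """Parse 'access-list NAME extended permit|deny PROTO SRC DST [eq PORT]'."""
    tok = line.split()
    if tok[0] != "access-list" or tok[2] != "extended":
        raise ValueError("unsupported ACE: " + line)
    action, proto, rest = tok[3], tok[4], tok[5:]

    def addr():
        # 'any' matches every address; 'host A.B.C.D' matches exactly one.
        return None if rest.pop(0) == "any" else rest.pop(0)

    src, dst = addr(), addr()
    port = None
    if rest:  # optional 'eq PORT' qualifier on the destination
        if rest[0] != "eq" or proto not in ("tcp", "udp"):
            raise ValueError("ports only apply to tcp/udp: " + line)
        port = PORTS.get(rest[1]) or int(rest[1])
    return {"action": action, "proto": PROTO[proto],
            "src": src, "dst": dst, "port": port}

def evaluate(acl, packet):
    """First matching ACE wins; an ACL ends with an implicit deny."""
    for ace in acl:
        if (ace["proto"] in (None, packet["proto"])
                and ace["src"] in (None, packet["src"])
                and ace["dst"] in (None, packet["dst"])
                and ace["port"] in (None, packet.get("dport"))):
            return ace["action"]
    return "deny"

# Constructed sample ACLs and packets (documentation address ranges).
NARROW = [parse_ace("access-list DEMO extended permit tcp any host 192.0.2.10 eq www")]
BROAD = [parse_ace("access-list DEMO extended permit ip any host 192.0.2.10")]

def pkt(proto, dport=None):
    return {"proto": proto, "src": "198.51.100.7",
            "dst": "192.0.2.10", "dport": dport}

if __name__ == "__main__":
    samples = [("tcp/80", pkt(6, 80)), ("tcp/22", pkt(6, 22)),
               ("udp/53", pkt(17, 53)), ("icmp", pkt(1)), ("gre", pkt(47))]
    for name, p in samples:
        print(f"{name:7} narrow={evaluate(NARROW, p):6} broad={evaluate(BROAD, p)}")
```

When reviewing a rule base, each `permit ip` line is worth checking against the service the host actually needs, since only the `tcp`/`udp` forms can be limited to a port.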
03-07-2013 09:49 AM
Hey Jouni,
Awesome! Thanks for relieving my brain fart moment!
Kindest Regards,
ALAN