
Why is implicit deny missing from outside int incoming access rules after upgrade from 8.25 to 9.1?

davkirkwo
Level 1

I have just noticed that after upgrade of image and ASDM to 911 and 711, the implicit deny ACL is missing from the outside interface. Is this deliberate or a poor upgrade? I am upgrading from 8.25 normally, depends what the reseller sends me.

Should this be happening or am I upgrading in too large a jump?

thanks,

david


Jouni Forss
VIP Alumni

Hi,

Would really need to see some screen capture / output of the thing you are referring to.

I imagine that you are perhaps referring to something related to ASDM? I don't personally really use ASDM at all for ASA configurations so I am not up to date on the possible problems it might have or changes made to its interface.

I am not sure if you have an ACL attached to the "outside" interface? If so then I think the ASDM should show the Implicit Deny at the end while this won't show on the CLI side at all.

I did just check my own ASA at home which is running 9.0(2) and ASDM 7.1(2) at the moment and it doesn't show an Implicit Deny for my LAN or WAN interfaces ACL.

Though the basic ACL operation is still in effect. If it's not allowed in the ACL then it's blocked by Implicit Deny. This can be confirmed with "packet-tracer" test on your firewall also.

- Jouni
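
The "packet-tracer" check mentioned in the reply above, as an added example that is not part of the original thread: a short Python parser that reads packet-tracer output and reports whether the drop came from the ACL's implicit rule. The sample output is constructed (modeled on the ASA phase/result layout), and the function names are hypothetical.

```python
import re

# Constructed sample, modeled on the phase/result layout of ASA packet-tracer
# output for an inbound flow that no ACE on the outside ACL permits.
SAMPLE = """\
Phase: 1
Type: ROUTE-LOOKUP
Subtype: input
Result: ALLOW
Config:
Additional Information:
in   192.168.1.0     255.255.255.0   inside

Phase: 2
Type: ACCESS-LIST
Subtype:
Result: DROP
Config:
Implicit Rule
Additional Information:

Result:
Action: drop
Drop-reason: (acl-drop) Flow is denied by configured rule
"""
KEY_RE = re.compile(r"^([A-Za-z][\w -]*):\s*(.*)$")

def parse_packet_tracer(text):
    # Returns (list of per-phase dicts, dict for the final "Result:" summary).
    phases, summary, section, key = [], {}, None, None
    for line in filter(None, map(str.strip, text.splitlines())):
        m = KEY_RE.match(line)
        if m and m.group(1) == "Phase":
            section, key = {"Phase": m.group(2)}, None
            phases.append(section)
        elif m and m.group(1) == "Result" and not m.group(2):
            section, key = summary, None      # bare "Result:" opens the summary
        elif m and section is not None:
            key = m.group(1)
            section[key] = m.group(2)
        elif key:                             # value continued on the next line
            section[key] = (section[key] + " " + line).strip()
    return phases, summary

def explain_drop(text):
    # The implicit deny shows up as an ACCESS-LIST phase whose Config is "Implicit Rule".
    phases, summary = parse_packet_tracer(text)
    hit = next((p for p in phases if p.get("Result") == "DROP"), None)
    implicit = bool(hit) and hit.get("Type") == "ACCESS-LIST" and "Implicit Rule" in hit.get("Config", "")
    return {"action": summary.get("Action"), "implicit_deny": implicit, "reason": summary.get("Drop-reason")}
```

Calling `explain_drop(SAMPLE)` returns `implicit_deny` as true for the constructed trace, which is the CLI-side confirmation that the rule still applies even when ASDM does not list it.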
