09-29-2008 12:15 AM - edited 03-06-2019 01:39 AM
Hi all, when configuring access lists, what is the definition of an extended access list? I thought on a router it means source and dest, but when I configure an access list on my ASA firewall, does it have a different meaning?
09-29-2008 01:07 AM
Extended ACLs and standard ACLs work the same on the router and the ASA,
so it is exactly the same idea.
if helpful Rate
09-29-2008 01:08 AM
Extended Access-List:
1. Extended ACLs were introduced in Cisco IOS Software Release 8.3. In all software releases, the access-list-number can be 101 to 199. In Cisco IOS Software Release 12.0.1, extended ACLs begin to use additional numbers (2000 to 2699).
***Extended ACLs control traffic by the comparison of the source and destination addresses of the IP packets to the addresses configured in the ACL.
2. In extended access-lists with ICMP you can use ICMP type, ToS etc.
3. In extended access-lists with TCP & UDP, you can use source & destination ports, in addition to source & destination address.
4. Also in IP extended access-lists you can use different protocols like ftp, www, telnet to match.
5. In the ASA firewall, access-lists are used to control access in both directions.
6. There are some default rules in the ASA: access from a higher security level to a lower security level is allowed by default, unless restricted using an access list, and is blocked by default from a low security level to a high one, unless allowed using an access list.
HTH...rate if helpful...
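The matching criteria listed in the answer above, written out for both platforms. This is an added example, not configuration posted by anyone in the thread; the ACL number and name, interface names and addresses (RFC 5737 documentation ranges) are constructed for illustration.

```text
! --- IOS router: numbered extended ACL (101-199) ---
! Addresses use WILDCARD masks (0.0.0.255 matches a /24).
! Permit HTTPS from one client subnet to one server.
access-list 101 permit tcp 192.0.2.0 0.0.0.255 host 198.51.100.20 eq 443
! Permit DNS queries to a single resolver (UDP, destination port 53).
access-list 101 permit udp 192.0.2.0 0.0.0.255 host 198.51.100.53 eq 53
! Match on ICMP type: allow ping replies back in.
access-list 101 permit icmp any 192.0.2.0 0.0.0.255 echo-reply
! The implicit "deny ip any any" ends every ACL; writing it out
! with "log" makes the drops visible in syslog.
access-list 101 deny ip any any log
!
interface GigabitEthernet0/0
 ip access-group 101 in

! --- ASA firewall: named extended ACL ---
! Same source/destination/protocol/port matching, but addresses use
! SUBNET masks (255.255.255.0), not wildcard masks.
access-list OUTSIDE_IN extended permit tcp any host 198.51.100.20 eq 443
access-list OUTSIDE_IN extended permit icmp any 192.0.2.0 255.255.255.0 echo-reply
access-list OUTSIDE_IN extended deny ip any any log
! Bind the ACL to an interface and direction with access-group.
access-group OUTSIDE_IN in interface outside
```

Pasting an IOS wildcard mask into an ASA entry (or the reverse) is a common source of rules that match far more or far less than intended, so check the mask style whenever an ACL is moved between the two platforms.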
09-29-2008 06:33 AM
Hi there, so how about in my Cisco ASA? It lets me create ACLs without the extended keyword but gives me the same features as an extended ACL, is this correct?