understanding access list config in 6500 FW module

jrhofman
Level 1

A customer sent me this config and asked if I would review it.

nameif vlan246 test security50
!
access-list test_I_O extended permit ip any object-group test_destination_nets
access-list test_I_O extended permit ip any any
access-list test_I_O extended deny ip any any
!
access-group test_I_O in interface test

object-group test_destination_nets is a bunch of address ranges.

I'm fairly new to the whole FW thing, but it seems to me that the permit ip any any overrides the first permit statement, and also the last deny statement is not necessary since there is an implicit deny at the end of all access-lists.

Am I thinking correctly?


irelandsky
Level 1

Hi,

Yes, you think correctly. The first and last lines are not necessary, so all traffic coming from the test interface is permitted.

Bye

Marco
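One way to check this kind of ordering question mechanically, as an added example that is not from the thread or from Cisco: a small first-match analyzer run over the customer's access-list, with a constructed membership for object-group test_destination_nets (the page does not list its ranges). It reports lines that are redundant (a later line with the same action already covers them), lines that are shadowed (an earlier line covers them, so they can never match), and whether a trailing deny ip any any only repeats the implicit deny.

```python
import ipaddress
import re
ANY = ipaddress.ip_network("0.0.0.0/0")
# Constructed sample: the thread's ACL plus an assumed expansion of
# object-group test_destination_nets (its members are not shown on the page).
OBJECT_GROUPS = {"test_destination_nets": ["10.1.0.0/16", "192.168.50.0/24"]}
SAMPLE_ACL = """
access-list test_I_O extended permit ip any object-group test_destination_nets
access-list test_I_O extended permit ip any any
access-list test_I_O extended deny ip any any
"""
ACE_RE = re.compile(r"access-list\s+\S+\s+extended\s+(permit|deny)\s+ip\s+(.+)")

def _take_addr(tokens):
    """Consume one address spec (any | object-group NAME | ADDR MASK) from tokens."""
    if tokens[0] == "any":
        return [ANY], tokens[1:]
    if tokens[0] == "object-group":
        return [ipaddress.ip_network(n) for n in OBJECT_GROUPS[tokens[1]]], tokens[2:]
    return [ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}")], tokens[2:]  # dotted mask

def parse_acl(text):
    aces = []
    for m in (ACE_RE.match(ln.strip()) for ln in text.strip().splitlines()):
        if m:
            src, rest = _take_addr(m.group(2).split())
            dst, _ = _take_addr(rest)
            aces.append({"action": m.group(1), "src": src, "dst": dst})
    return aces

def _covers(big, small):
    """True when every network in `small` lies inside some network in `big`."""
    return all(any(s.subnet_of(b) for b in big) for s in small)

def analyze(aces):
    """First-match evaluation. Shadowed: an earlier ACE (any action) covers this one, so
    it never matches. Redundant: a later same-action ACE covers it. Single-ACE covers only."""
    findings = []
    for j, ace in enumerate(aces):
        for i, other in enumerate(aces):
            if i != j and _covers(other["src"], ace["src"]) and _covers(other["dst"], ace["dst"]):
                if i < j:
                    findings.append((j + 1, f"shadowed by line {i + 1} ({other['action']}), never matches"))
                    break
                if other["action"] == ace["action"]:
                    findings.append((j + 1, f"redundant, line {i + 1} gives the same result"))
                    break
    last = aces[-1] if aces else None
    if last and last["action"] == "deny" and _covers(last["src"], [ANY]) and _covers(last["dst"], [ANY]):
        findings.append((len(aces), "explicit deny ip any any duplicates the implicit deny"))
    return findings
```

On the sample it flags line 1 as redundant (line 2 gives the same result), line 3 as shadowed by line 2, and line 3 as a duplicate of the implicit deny; a real review would also expand the object-group from the running config rather than a hard-coded table.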