ACL operation.

Answered Question
Aug 30th, 2007

What will happen if I delete the access list acl_outbound that is still applied to the inside interface? Will traffic stop or will it flow freely in PIX?

access-group acl_outbound in interface inside

Thanks in advance


plwalsh Thu, 08/30/2007 - 03:43

The traffic will stop.


You need an ACL to define the IP traffic that is allowed through the interface. If you want to change the ACL completely, you could configure a new ACL (with a different name) and then use the command 'access-group NEW_ACL_NAME in interface inside' to apply it. There should be no interruption to traffic flow (assuming the new ACL is configured correctly).

adriatikb Thu, 08/30/2007 - 04:59

Assuming that I did not configure the new ACL and I leave the old ACL applied on that inside interface?

What happens?

Thanks



Correct Answer
hsajwan Thu, 08/30/2007 - 05:01

Already established connections do not get checked by the access-list. So, even if you remove the access-list, the existing connections will still continue to work. However, new connections may be affected depending on the traffic flow, e.g. if traffic is going from higher security to lower security, it will be permitted, but traffic from lower to higher will be blocked.
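
The decision order described in the accepted answer, as a simplified model (an added example, not part of the original thread and not Cisco code). The class name, addresses, ports and ACL contents are constructed, and security levels 100 for inside and 0 for outside are assumed.

```python
from dataclasses import dataclass, field


@dataclass
class PixModel:
    """Constructed, simplified model of the packet decision order."""
    levels: dict                              # interface -> security level
    acls: dict = field(default_factory=dict)  # ingress interface -> [(action, dst_port)]
    conns: set = field(default_factory=set)   # established flows

    def packet(self, src_if, dst_if, flow):
        # 1. Established connections are not re-checked against the ACL.
        if flow in self.conns:
            return True, "existing connection"
        dst_port = flow[3]
        acl = self.acls.get(src_if)
        if acl is not None:
            # 2. ACL bound to the ingress interface: first match wins,
            #    anything unmatched hits the implicit deny.
            allowed = next((a == "permit" for a, p in acl if p == dst_port), False)
            reason = "acl"
        else:
            # 3. No ACL bound: higher -> lower security level is permitted,
            #    lower -> higher is blocked.
            allowed = self.levels[src_if] > self.levels[dst_if]
            reason = "security level"
        if allowed:
            self.conns.add(flow)
        return allowed, reason


def demo():
    # Hypothetical acl_outbound that only permits HTTPS out of the inside interface.
    fw = PixModel(levels={"inside": 100, "outside": 0},
                  acls={"inside": [("permit", 443)]})
    web = ("10.1.1.10", 40000, "192.0.2.10", 443)    # constructed flows
    smtp = ("10.1.1.10", 40001, "192.0.2.25", 25)
    inbound = ("192.0.2.99", 50000, "10.1.1.10", 22)
    r = {"web_before": fw.packet("inside", "outside", web),
         "smtp_before": fw.packet("inside", "outside", smtp)}
    del fw.acls["inside"]                             # the ACL is removed
    r["web_after"] = fw.packet("inside", "outside", web)
    r["smtp_after"] = fw.packet("inside", "outside", smtp)
    r["inbound_after"] = fw.packet("outside", "inside", inbound)
    return r


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(name, verdict)
```

In this model the SMTP flow that the ACL denied becomes permitted once the ACL is gone, so removing an outbound ACL widens what inside hosts can reach rather than stopping traffic.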
