Solved: ACL operation.

adriatikb · ‎08-30-2007

What will happen if delete the access list acl_outbound that still is applied to the inside interface, traffic will stop or will flow freely n pix?

access−group acl_outbound in interface inside

Thanks in advance

hsajwan · ‎08-30-2007

Already established connections do not get checked by access-list. So, even if you remove the access-list, the existing connections will still continue to work. However, new connections may be affected depending on the traffic flow e.g if traffic is going from higher security to lower security, it will be permitted but traffic from lower to higher will be blocked.

View solution in original post

plwalsh · ‎08-30-2007

The traffic will stop.

You need an ACL to define the IP traffic that is allowed through the interface. If you want to change the ACL completely you could configure a new ACL (with a different name) and then use the command'access-group NEW_ACL_NAME in interface inside' to apply it. There should be no interruption to traffic flow (assuming the new ACL is configured correctly).

adriatikb · ‎08-30-2007

assuming that i did not configure the nje ACL and a leave the old ALC applied on that insede interface?

what happen?

thanks

hsajwan · ‎08-30-2007

Already established connections do not get checked by access-list. So, even if you remove the access-list, the existing connections will still continue to work. However, new connections may be affected depending on the traffic flow e.g if traffic is going from higher security to lower security, it will be permitted but traffic from lower to higher will be blocked.