Jon Marshall Fri, 08/31/2007 - 13:21
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Hi


You don't need to add this as there is an implicit deny at the end of the access-list anyway so any packets not permitted in your access-list will be dropped.


The only reason you may want to add it is so you can see how many packets your firewall is dropping by looking at the hit counters.


HTH


Jon

purohit_810 Fri, 08/31/2007 - 17:03
User Badges:
  • Silver, 250 points or more

That is true, Implicit deny always there... But it is require only the time of troubleshooting or some of testing time.


to check the hit comes ot not...by command


show access-list outgoing


Regards,

Dharmesh Purohit


Actions

This Discussion