Jon Marshall Fri, 08/31/2007 - 13:21

You don't need to add this as there is an implicit deny at the end of the access-list anyway so any packets not permitted in your access-list will be dropped.

The only reason you may want to add it is so you can see how many packets your firewall is dropping by looking at the hit counters.



purohit_810 Fri, 08/31/2007 - 17:03

That is true, the implicit deny is always there... But it is required only at the time of troubleshooting or during some testing.

To check the hits, use the command:

show access-list outgoing


Dharmesh Purohit
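
An added example, not part of either post above: a small Python parser that reads `show access-list outgoing` output and reports the hit counter on a trailing explicit `deny ip any any`. The PIX/ASA-style output layout, the sample entries and the function names are assumptions made for illustration.

```python
import re

# Constructed sample of `show access-list outgoing` output (PIX/ASA-style
# layout assumed; the entries and counters are made up for illustration).
SAMPLE = """\
access-list outgoing; 3 elements
access-list outgoing line 1 extended permit tcp any any eq www (hitcnt=1523)
access-list outgoing line 2 extended permit udp any any eq domain (hitcnt=310)
access-list outgoing line 3 extended deny ip any any (hitcnt=47)
"""

# One access-list entry: name, line number, action, match text, hit count.
ACE = re.compile(
    r"^access-list\s+(?P<name>\S+)\s+line\s+(?P<line>\d+)\s+(?:extended\s+)?"
    r"(?P<action>permit|deny)\s+(?P<match>.+?)\s+\(hitcnt=(?P<hits>\d+)\)"
)

def parse_aces(output, name):
    """Return [(line_no, action, match, hits)] for the named ACL, in order."""
    aces = []
    for raw in output.splitlines():
        m = ACE.match(raw.strip())
        if m and m.group("name") == name:
            aces.append((int(m.group("line")), m.group("action"),
                         m.group("match"), int(m.group("hits"))))
    return sorted(aces)

def dropped_by_catch_all(output, name):
    """Hits on a trailing explicit 'deny ip any any', or None if absent.

    None means unmatched packets fall through to the implicit deny, which
    is not an entry in the list and so has no counter to read here.
    """
    aces = parse_aces(output, name)
    if aces and aces[-1][1] == "deny" and aces[-1][2] == "ip any any":
        return aces[-1][3]
    return None

if __name__ == "__main__":
    print("dropped by explicit deny:", dropped_by_catch_all(SAMPLE, "outgoing"))
    without = "\n".join(SAMPLE.splitlines()[:-1])
    print("without explicit deny:", dropped_by_catch_all(without, "outgoing"))
```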

