Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
352
Views
0
Helpful
2
Replies

dany any any

mframadan
Level 1
Level 1

‎08-31-2007 01:00 PM - edited ‎03-12-2019 05:49 PM

i ask if i need to write at the end of ACl this command

access-list outgoing extended deny ip any any

Labels:
0 Helpful
2 Replies 2

Jon Marshall
Hall of Fame
Hall of Fame

‎08-31-2007 01:21 PM

Hi

You don't need to add this as there is an implicit deny at the end of the access-list anyway so any packets not permitted in your access-list will be dropped.

The only reason you may want to add it is so you can see how many packets your firewall is dropping by looking at the hit counters.

HTH

Jon

0 Helpful

purohit_810
Level 5
Level 5

‎08-31-2007 05:03 PM

That is true, Implicit deny always there... But it is require only the time of troubleshooting or some of testing time.

to check the hit comes ot not...by command

show access-list outgoing

Regards,

Dharmesh Purohit

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card