08-31-2007 01:00 PM - edited 03-12-2019 05:49 PM
i ask if i need to write at the end of ACl this command
access-list outgoing extended deny ip any any
08-31-2007 01:21 PM
Hi
You don't need to add this as there is an implicit deny at the end of the access-list anyway so any packets not permitted in your access-list will be dropped.
The only reason you may want to add it is so you can see how many packets your firewall is dropping by looking at the hit counters.
HTH
Jon
08-31-2007 05:03 PM
That is true, Implicit deny always there... But it is require only the time of troubleshooting or some of testing time.
to check the hit comes ot not...by command
show access-list outgoing
Regards,
Dharmesh Purohit
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide