Order of ACLs in PIX config

Dec 10th, 2007

Hi,

Until recently the order of access lists in our PIX config was:

names

acl_outside

acl_dmz

acl_inside

acl nat0

acl crypto maps

static mappings

isakmps


Recently, while editing access-list acl_inside, I entered "no access-list acl_inside", which removed all the acl_inside lines.

I added all these back in, but now the order of the access lists has changed and I notice that no rules in acl_inside are being processed, as the hit counters are all 0. So I guess no outgoing traffic is being filtered.

The order now is:

names

acl_outside

acl_dmz

acl nat0

acl crypto maps

acl_inside

static mappings

isakmps


How can I revert to the previous order of ACLs in the PIX config?

Why would none of the acl_inside rules now be processed?


Thanks in advance

Marty



Hello.


My understanding is traffic from the inside to lower security interfaces does not require the access-list and access-group command.


That said, removing an entire ACL removes the access-group command.


Apply:


access-group acl_inside in interface inside


I'm not sure if the same applies for other interfaces wishing to access lower security interfaces.


You can consider yourself lucky :)


Tim
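
The condition described in the reply above (an ACL that is still defined but no longer bound by an access-group) can be checked for in a saved configuration. The following is an added example, not part of the original thread: the sample configuration is constructed, `audit_acls` is a hypothetical helper name, and it assumes PIX 6.x style `access-list`, `access-group`, `nat ... access-list` and `crypto map ... match address` lines.

```python
import re

# Constructed sample in PIX 6.x syntax; not the poster's configuration.
SAMPLE_CONFIG = """\
access-list acl_outside permit tcp any host 192.0.2.10 eq www
access-list acl_dmz permit tcp host 172.16.1.10 any eq smtp
access-list nonat permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list vpn_acl permit ip 10.1.1.0 255.255.255.0 10.2.2.0 255.255.255.0
access-list acl_inside permit tcp 10.1.1.0 255.255.255.0 any eq www
access-list acl_inside deny ip any any
access-group acl_outside in interface outside
access-group acl_dmz in interface dmz
nat (inside) 0 access-list nonat
crypto map vpnmap 10 match address vpn_acl
"""

# An ACL is defined by its permit/deny/remark entries.
ACL_DEF = re.compile(r"^access-list\s+(?P<acl>\S+)\s+(?:permit|deny|remark)\b")
# Statements that put an ACL to use: interface filter, NAT exemption, crypto map.
ACL_USE = [
    re.compile(r"^access-group\s+(?P<acl>\S+)\s+in\s+interface\s+\S+"),
    re.compile(r"^nat\s+\(\S+\)\s+\d+\s+access-list\s+(?P<acl>\S+)"),
    re.compile(r"^crypto\s+map\s+\S+\s+\d+\s+match\s+address\s+(?P<acl>\S+)"),
]

def audit_acls(config_text):
    """Return (uses, unreferenced): statements using each ACL, and ACLs used nowhere."""
    defined, uses = [], {}
    for raw in config_text.splitlines():
        line = raw.strip()
        m = ACL_DEF.match(line)
        if m:
            if m.group("acl") not in defined:
                defined.append(m.group("acl"))
            continue
        for rx in ACL_USE:
            m = rx.match(line)
            if m:
                uses.setdefault(m.group("acl"), []).append(line)
    # Position in the file plays no part: only the references are compared.
    return uses, [name for name in defined if name not in uses]

if __name__ == "__main__":
    uses, unreferenced = audit_acls(SAMPLE_CONFIG)
    for name in unreferenced:
        print(f"{name}: defined but not applied (no access-group, nat or crypto map reference)")
```

On the constructed sample this reports acl_inside, and the report clears once the access-group line from the reply is present.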
