DAP ACL filters - why only 'all allow' or 'all deny'

Unanswered Question
Feb 6th, 2008
User Badges:
  • Bronze, 100 points or more

Hi folks.

I'm doing DAP (dynamic Access policies) on an ASA 8.0 for SSL VPN via the AnyConnect client.

Could someone explain the requirement that ACLs used for Network or Web filters must consist of either all permit or all deny statements (i.e. no mixing permit/denys)

Also, I'm trying to wrap my head around Downloadable ACLs in general. Do people actually use these (either local to the ASA or downloaded from an ACS, for example)?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion