acl types

Unanswered Question
Sep 29th, 2008
User Badges:

Hi all, when configuring access lists, what is the definition of an extended access list, I thought on a router it means source and dest, but when I configure an access list on my asa firewall, does it have a different meaning ?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Marwan ALshawi Mon, 09/29/2008 - 01:07
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Best Publication, December 2015

extended ACL and standard ACL work the same on the router and ASA

so the same idea exactly

if helpful Rate

satish_zanjurne Mon, 09/29/2008 - 01:08
User Badges:
  • Silver, 250 points or more

Extended Access-List :

1.Extended ACLs were introduced in Cisco IOS Software Release 8.3.n all software releases, the access-list-number can be 101 to 199. In Cisco IOS Software Release 12.0.1, extended ACLs begin to use additional numbers (2000 to 2699)

***Extended ACLs control traffic by the comparison of the source and destination addresses of the IP packets to the addresses configured in the ACL.

2.In extended access-lists with ICMP you can use ICMP type, tos etc.

3.In Extended acces-list with TCP & UDP , you can use source & destination ports , in addition to source 7 destination address.

4.Also in IP Extended access-list you can use different protocols like ftp,www,telnet to match.

5.In ASA firewall , access-list are used to control the access , in both directions.

6.there are some default rules in ASA like access from higher security level to lower security level is allowed by default , unless restricted using access list, & is blocked by default from low security level to high, unless allowed using access list.

HTH...rate if helpful...

carl_townshend Mon, 09/29/2008 - 06:33
User Badges:

Hi there, so how about in my cisco ASA? it lets me create acl's without the extended keyword but gives me the same features as an extended acl, is this correct ?


This Discussion