acl types

carl_townshend · ‎09-29-2008

Hi all, when configuring access lists, what is the definition of an extended access list, I thought on a router it means source and dest, but when I configure an access list on my asa firewall, does it have a different meaning ?

Marwan ALshawi · ‎09-29-2008

extended ACL and standard ACL work the same on the router and ASA

so the same idea exactly

if helpful Rate

satish_zanjurne · ‎09-29-2008

Extended Access-List :

1.Extended ACLs were introduced in Cisco IOS Software Release 8.3.n all software releases, the access-list-number can be 101 to 199. In Cisco IOS Software Release 12.0.1, extended ACLs begin to use additional numbers (2000 to 2699)

***Extended ACLs control traffic by the comparison of the source and destination addresses of the IP packets to the addresses configured in the ACL.

2.In extended access-lists with ICMP you can use ICMP type, tos etc.

3.In Extended acces-list with TCP & UDP , you can use source & destination ports , in addition to source 7 destination address.

4.Also in IP Extended access-list you can use different protocols like ftp,www,telnet to match.

5.In ASA firewall , access-list are used to control the access , in both directions.

6.there are some default rules in ASA like access from higher security level to lower security level is allowed by default , unless restricted using access list, & is blocked by default from low security level to high, unless allowed using access list.

HTH...rate if helpful...

carl_townshend · ‎09-29-2008

Hi there, so how about in my cisco ASA? it lets me create acl's without the extended keyword but gives me the same features as an extended acl, is this correct ?