PIX Multiple access-groups

Unanswered Question

Can I have multiple access-groups (and multiple ACLs) protecting an interface on a PIX (ver 6.3(4)), for example:

access-group in-house-rules-acl in interface outside

access-group spam-drop-rules-acl in interface outside

If so, when a packet passes the first rule set, will it be evaluated by the second set of ACLs?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Tue, 10/20/2009 - 08:23


No you can't. You can only apply one acl per direction altho on 6.3 i believe that can only be inbound.

Why do you need 2 acls, just combine them into one.



This Discussion