PIX Multiple access-groups

Unanswered Question
Oct 20th, 2009
User Badges:

Can I have multiple access-groups (and multiple ACLs) protecting an interface on a PIX (ver 6.3(4)), for example:

access-group in-house-rules-acl in interface outside

access-group spam-drop-rules-acl in interface outside

If so, when a packet passes the first rule set, will it be evaluated by the second set of ACLs?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Tue, 10/20/2009 - 08:23
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN


No you can't. You can only apply one acl per direction altho on 6.3 i believe that can only be inbound.

Why do you need 2 acls, just combine them into one.


Jerry Ye Tue, 10/20/2009 - 13:15
User Badges:
  • Cisco Employee,

You should try object-group and remark.




This Discussion