automatic ACL when using access-group command

Answered Question
Jan 21st, 2010

Recently my colleague asked me what the default ACL is when you put access-group on an interface.


When looking on cisco.com I found:


If the specified access list does not exist, all packets are passed.


http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_i1g.html#wp1078845


But this is for routers, how is this for ASA firewalls?


Can anyone help us?

Correct Answer by Panos Kampanakis about 7 years 6 months ago

The ASA will not let you apply an ACL that is not configured. It will bark:


ASA-5505(config)# access-g not-exist in interface inside
ERROR: access-list does not exist


I hope it helps.


PK


Kureli Sankar Tue, 01/26/2010 - 20:33
User Badges:
  • Cisco Employee,

It depends on the security level configured for that interface.


By default traffic from high security to low security (inside to outside) WILL be allowed like in the routers without any access-group applied.


But, traffic from low to high security (outside to inside) WILL NOT be allowed without access-group applied on the interface.


-KS
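Both answers above in one configuration, added here as an example and not taken from the thread: the interface names, security levels, addresses and the ACL name are assumed. It shows the default behaviour Kureli describes (no access-group, traffic judged by security level), the ordering Panos shows (the access-list must exist before access-group is accepted), and the caveat that once an access-group is bound to an interface, that interface's traffic is evaluated against the ACL and its implicit deny rather than the security-level default.

```text
! Assumed ASA 5505 layout: inside (security-level 100) and outside (security-level 0)
interface Vlan1
 nameif inside
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 203.0.113.2 255.255.255.0
!
! With no access-group on either interface:
!   inside -> outside (100 -> 0) is permitted by the security-level default
!   outside -> inside (0 -> 100) is dropped
!
! access-group with an undefined name is rejected ("ERROR: access-list does not exist"),
! so define the ACL first (assumed host and port):
access-list OUTSIDE_IN extended permit tcp any host 192.168.1.10 eq 443
access-list OUTSIDE_IN extended deny ip any any log
!
! Now the access-group command succeeds:
access-group OUTSIDE_IN in interface outside
!
! Caveat: from this point every packet entering "outside" is matched against
! OUTSIDE_IN and its implicit deny. Binding an ACL to "inside" in the same way
! would need an explicit permit for the inside -> outside traffic that the
! security-level default allowed before, because the default no longer applies
! to an interface that has an access-group.
```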

BartV1982 Tue, 01/26/2010 - 23:56

Hey pkampana,


thx for this reply

It was exactly what we were looking for, but we couldn't test it ourselves as we don't have an ASA box.


@kusankar thank you for your reply, but pkampana provided the answer we were looking for.
