Solved: ACL

joyride_us2 · ‎03-18-2010

Hi,

does the ACL rules prevail over the basic rule that traffic can freely flow from higher to lower security interfaces ? In other words : whenever I place an ACL (with implicit deny any) on a user interface (like sec 100), I must specify that trafific towards Internet (sec 0) addresses is allowed though. Right or wrong ?

thank you

KARUPPUCHAMY MALAIYANDI · ‎03-18-2010

Hi,

does the ACL rules prevail over the basic rule that traffic can freely flow from higher to lower security interfaces ?

Yes. It is.By default all traffic is permitted(implicit permit) from high security level interface to low security level interface.If you are placing any ACL on the high security interface, that implicit permit ACL will be removed by default.

Based on your new ACL the traffic will move from high security level interface to low security interface for those specific source and destinations

Regards

Karuppu

View solution in original post

KARUPPUCHAMY MALAIYANDI · ‎03-18-2010

Hi,

does the ACL rules prevail over the basic rule that traffic can freely flow from higher to lower security interfaces ?

Yes. It is.By default all traffic is permitted(implicit permit) from high security level interface to low security level interface.If you are placing any ACL on the high security interface, that implicit permit ACL will be removed by default.

Based on your new ACL the traffic will move from high security level interface to low security interface for those specific source and destinations

Regards

Karuppu