03-18-2010 01:35 AM - edited 03-11-2019 10:22 AM
Hi,
Do the ACL rules prevail over the basic rule that traffic can freely flow from higher to lower security interfaces? In other words: whenever I place an ACL (with implicit deny any) on a user interface (like sec 100), I must specify that traffic towards Internet (sec 0) addresses is allowed though. Right or wrong?
Thank you
03-18-2010 01:44 AM
Hi,
Do the ACL rules prevail over the basic rule that traffic can freely flow from higher to lower security interfaces?
Yes. It is. By default all traffic is permitted (implicit permit) from a high security level interface to a low security level interface. If you are placing any ACL on the high security interface, that implicit permit ACL will be removed by default.
Based on your new ACL, the traffic will move from the high security level interface to the low security interface for those specific sources and destinations.
Regards
Karuppu
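Added example, not part of the original thread: an ASA configuration sketch of the behaviour discussed above, showing an inbound ACL on the security-level 100 interface before and after Internet-bound traffic is permitted explicitly. The interface names `inside`/`outside`, the ACL name `INSIDE_IN` and all addresses are assumptions constructed for illustration.

```cisco
! Constructed example: "inside" is security-level 100, "outside" is security-level 0.
! The ACL name INSIDE_IN and every address below are assumptions.

! --- Before: ACL written for a single internal server only ---
access-list INSIDE_IN extended permit tcp 192.168.10.0 255.255.255.0 host 192.168.20.10 eq 443
access-group INSIDE_IN in interface inside
! Once the access-group is applied, the default permit from inside to
! lower-security interfaces no longer applies. Anything not matched above
! reaches the implicit deny at the end of the list, including traffic to
! Internet addresses.

! --- After: Internet-bound traffic permitted explicitly ---
access-list INSIDE_IN extended permit tcp 192.168.10.0 255.255.255.0 host 192.168.20.10 eq 443
access-list INSIDE_IN extended permit udp 192.168.10.0 255.255.255.0 any eq 53
access-list INSIDE_IN extended permit tcp 192.168.10.0 255.255.255.0 any eq 80
access-list INSIDE_IN extended permit tcp 192.168.10.0 255.255.255.0 any eq 443
access-group INSIDE_IN in interface inside
! The implicit deny still ends the list. Note that "any" matches every
! destination reachable through any interface, not only Internet addresses,
! so put deny entries for other internal networks above these lines if
! those networks must stay unreachable.

! --- Check ---
! Per-entry hit counters show which line a flow matched:
show access-list INSIDE_IN
! Simulate a packet from an inside host to an Internet address on tcp/443:
packet-tracer input inside tcp 192.168.10.50 12345 203.0.113.10 443
```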