ACLs on ACE Appliance

andrew.burns
Level 7

Hi,

In the ACE Appliance management remote access examples there is an ACL which has "permit ip any any" but in my test configurations it works fine without this. For example, icmp is controlled by whether or not there is a matching class-map entry in the management class and this works whether the ACL is present or not.

What's the purpose of the "permit ip any any" ACL?

thanks,

Andrew.

Roble Mumin
Level 3

I think there is a difference between traffic to the interface and traffic over the interface.

You can have a working management policy for ssh access and ICMP to the interface but to make sure traffic flows from the client side to the server side you need to allow it.

So that is where the permit IP any any access-list is necessary to make sure traffic flows through the ACE. IIRC there will be no traffic flowing through the appliance if you don't have the permit ip any access-list on the according interfaces.

The closest thing to this might be on a PIX or ASA. You have the ICMP traffic through the interface controlled by the ACL statements and ICMP traffic towards the interface controlled by the ICMP statement itself.

I hope that explains it, if I didn't get you wrong.

If I am writing total BS I will probably get corrected soon. :)

Roble

True

Remote access traffic "to the ACE" is controlled by management policy.

&

"Through the ACE" is controlled by the ACL.

Syed
