New Member

bypass command within an ACL

I'm having a hard time determining what exactly the bypass keyword does. For example, I want to NAT 192.168.248.30 going to anything other than 10.0.0.0. How would the results vary in the two ACLs below?

acl 1

clause 5 permit any any destination 10.0.0.0 255.255.255.0

clause 6 permit any 192.168.248.30 destination any sourcegroup ACC-PAT

clause 10 permit any any destination any

apply circuit-(VLAN3)

acl 1

clause 6 bypass any any destination 10.0.0.0 255.255.255.0

clause 7 permit any 192.168.248.30 destination any sourcegroup ACC-PAT

clause 10 permit any any destination any

apply circuit-(VLAN3)

What other things does the bypass command affect?

Another question: will an ACL allow an established connection? On a router there is an option to do permit ip any any established. Does a CSS offer the same?

Thanks,

Clayton Price

1 REPLY
Cisco Employee

Re: bypass command within an ACL

The bypass means the traffic is permitted and the CSS will not try to match a content rule.

So, both can work in your scenario.

Gilles.
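The difference between the two ACLs above, as an added Python model that is not part of the original thread and is not Cisco code. It assumes clauses are evaluated in ascending clause number with first match winning and no match meaning deny; the `Clause`, `Verdict` and `evaluate` names and the sample addresses are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

class Clause(NamedTuple):
    number: int
    action: str                       # "permit", "bypass" or "deny"
    src: str                          # "any" or a network in CIDR form
    dst: str
    sourcegroup: Optional[str] = None

class Verdict(NamedTuple):
    clause: Optional[int]             # clause that matched, None if none did
    forwarded: bool
    content_rules_checked: bool
    sourcegroup: Optional[str]        # source group (NAT) applied, if any

def _match(spec: str, addr: str) -> bool:
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def evaluate(acl, src: str, dst: str) -> Verdict:
    # Assumption: lowest clause number first, first match wins,
    # and a flow that matches no clause is denied.
    for c in sorted(acl):
        if _match(c.src, src) and _match(c.dst, dst):
            if c.action == "deny":
                return Verdict(c.number, False, False, None)
            # permit and bypass both forward; only bypass skips content rules
            return Verdict(c.number, True, c.action != "bypass", c.sourcegroup)
    return Verdict(None, False, False, None)

# The two ACLs from the question; 10.0.0.0 255.255.255.0 written as 10.0.0.0/24.
ACL_PERMIT = [
    Clause(5, "permit", "any", "10.0.0.0/24"),
    Clause(6, "permit", "192.168.248.30/32", "any", "ACC-PAT"),
    Clause(10, "permit", "any", "any"),
]
ACL_BYPASS = [
    Clause(6, "bypass", "any", "10.0.0.0/24"),
    Clause(7, "permit", "192.168.248.30/32", "any", "ACC-PAT"),
    Clause(10, "permit", "any", "any"),
]

if __name__ == "__main__":
    for dst in ("10.0.0.5", "203.0.113.10"):      # constructed destinations
        for name, acl in (("permit", ACL_PERMIT), ("bypass", ACL_BYPASS)):
            print(name, dst, evaluate(acl, "192.168.248.30", dst))
```

In both ACLs the host is source-grouped only when the destination is outside 10.0.0.0/24; the variants differ only in whether traffic to 10.0.0.0/24 is still offered to content rules.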
