Cisco Support Community
ASA Behavior Access lists

Hi All,

From what I have learnt regarding access lists, if there is a global access list, it will be checked after checking the interface access list, and the "deny ip any any" will be at the end of the global access list instead of at the interface.

Question

When we have a global access list, will the implicit rule that permits all IP traffic from a high security level (say 100) to a low security level (say 0) be disabled?

Kindly advise.

Thanks & Regards

1 REPLY
If you use the global access list only, you would need to configure rules in both directions:

access-list test extended permit ip host 1.1.1.2 host 2.2.2.1
access-list test extended permit ip host 2.2.2.1 host 1.1.1.2

access-group test global

So yes, the security levels will be disabled.

--

Please remember to select a correct answer and rate helpful posts

--

Please remember to rate and select a correct answer
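
A simplified model of the lookup order discussed in this thread, added here as an illustration (not code from either poster or from Cisco): interface ACL first, then the global ACL, then the implicit deny, with the security-level default applying only when no ACL is in play. The function names, the placement of 1.1.1.2 on the level-100 side, and 1.1.1.3 as an unlisted host are assumptions.

```python
from ipaddress import ip_address, ip_network

def take(tokens):
    """Consume one address spec (any | host A | A MASK); return (network, remaining tokens)."""
    if tokens[0] == "any":
        return ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ip_network(tokens[1] + "/32"), tokens[2:]
    return ip_network(f"{tokens[0]}/{tokens[1]}"), tokens[2:]

def parse_ace(line):
    """Parse 'access-list NAME extended permit|deny ip SRC DST' into (action, src, dst)."""
    tok = line.split()
    src, rest = take(tok[5:])
    dst, _ = take(rest)
    return tok[3], src, dst

def first_match(aces, src, dst):
    """Top-down, first match wins; None when no entry matches."""
    for action, s, d in aces:
        if ip_address(src) in s and ip_address(dst) in d:
            return action
    return None

def decide(src, dst, in_level, out_level, interface_acl=None, global_acl=None):
    """Return (verdict, deciding rule) for a new connection.

    Simplified: IP-only entries, inbound direction, and equal security
    levels treated as denied.
    """
    for name, acl in (("interface ACL", interface_acl), ("global ACL", global_acl)):
        if acl is not None:
            hit = first_match(acl, src, dst)
            if hit:
                return hit, name
    if interface_acl is not None or global_acl is not None:
        # With any ACL applied, unmatched traffic hits the implicit deny
        # (at the end of the global ACL when one is configured).
        return "deny", "implicit deny"
    # No ACL at all: only here does the security-level default decide.
    return ("permit" if in_level > out_level else "deny"), "security level"

# The two entries from the reply above.
GLOBAL_ACL = [parse_ace(l) for l in (
    "access-list test extended permit ip host 1.1.1.2 host 2.2.2.1",
    "access-list test extended permit ip host 2.2.2.1 host 1.1.1.2",
)]

if __name__ == "__main__":
    print(decide("1.1.1.3", "2.2.2.1", 100, 0))                         # no ACL
    print(decide("1.1.1.3", "2.2.2.1", 100, 0, global_acl=GLOBAL_ACL))  # global ACL
```

The unlisted host 1.1.1.3 is allowed from level 100 to level 0 when no ACL exists, and dropped by the implicit deny once the global ACL is applied, which is why the reply adds a permit for each direction.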