Cisco Support Community
Community Member

automatic ACL when using access-group command

Last my colleague asked me what the default ACL is when you put access-group on an interface.

When looking on cisco.com I found:

If the specified access list does not exist, all packets are passed.

http://www.cisco.com/en/US/docs/ios/12_3/ipaddr/command/reference/ip1_i1g.html#wp1078845

But this is for routers, how is this for ASA firewalls?

Can anyone help us?

1 ACCEPTED SOLUTION

Cisco Employee

Re: automatic ACL when using access-group command

The ASA will not let you apply an ACL that is not configured. It will bark:

ASA-5505(config)# access-g not-exist in interface inside
ERROR: access-list does not exist

I hope it helps.

PK

3 REPLIES
Cisco Employee

Re: automatic ACL when using access-group command

It depends on the security level configured for that interface.

By default traffic from high security to low security (inside to outside) WILL be allowed like in the routers without any access-group applied.

But, traffic from low to high security (outside to inside) WILL NOT be allowed without access-group applied on the interface.

-KS

Community Member

Re: automatic ACL when using access-group command

Hey pkampana,

Thanks for this reply.

It was exactly what we were looking for, but we couldn't test it ourselves as we don't have an ASA box.

@kusankar, thank you for your reply, but pkampana provided the answer we were looking for.
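
The IOS router behavior quoted in the question (an `ip access-group` that names an access list that does not exist passes all packets) can be audited offline against a saved running-config. This is an added example, not part of the thread: the sample configuration, the interface and ACL names, and the function name `find_undefined_acls` are constructed for illustration.

```python
import re

# Constructed sample IOS running-config (not taken from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip access-group OUTSIDE_IN in
!
interface GigabitEthernet0/1
 ip address 10.0.0.1 255.255.255.0
 ip access-group 110 in
 ip access-group INSIDE_OUT out
!
ip access-list extended OUTSIDE_IN
 permit tcp any host 192.0.2.10 eq 443
 deny ip any any log
!
access-list 10 permit 10.0.0.0 0.0.0.255
"""

IFACE = re.compile(r"^interface\s+(\S+)")
APPLY = re.compile(r"^\s+ip access-group\s+(\S+)\s+(in|out)\b")
NAMED = re.compile(r"^ip access-list\s+(?:standard|extended)\s+(\S+)")
NUMBERED = re.compile(r"^access-list\s+(\d+)\s")


def find_undefined_acls(config: str):
    """Return (interface, acl, direction) for every ip access-group
    that references an access list the config never defines."""
    defined, applied, iface = set(), [], None
    for line in config.splitlines():
        if m := IFACE.match(line):
            iface = m.group(1)
        elif not line.startswith(" "):
            iface = None  # any other top-level line ends interface sub-mode
        if m := NAMED.match(line) or NUMBERED.match(line):
            defined.add(m.group(1))
        elif iface and (m := APPLY.match(line)):
            applied.append((iface, m.group(1), m.group(2)))
    # Compare only after the whole file is read: ACLs are usually
    # defined after the interfaces that reference them.
    return [a for a in applied if a[1] not in defined]


if __name__ == "__main__":
    for iface, acl, direction in find_undefined_acls(SAMPLE_CONFIG):
        print(f"{iface}: access-group {acl} ({direction}) has no matching access-list")
```

On the ASA this situation is caught at configuration time, as the accepted answer shows, so the check targets router configurations.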
