I need some help with access lists. I understand they are read from top to bottom, but
I would like to confirm whether someone has a reference or knowledge on how to organize
access lists with different protocols. What I mean is, from top to bottom, which protocols should be
at the top (for example, access-list inside line 1 permit tcp..... ), and how about the
access-list inside line 1 permit ICMP....
access-list inside line 1 permit udp....
Source IP addresses: is it from broad (top) going to specific IP (down)?
Access-lists are indeed read from top to bottom, and as soon as a match is made in the access-list, processing stops and the action, permit or deny, is executed.
Because access-lists are read from top to bottom, the recommendation is to try and put the lines that will be matched the most at the top of the ACL. This means that processing of the ACL per packet will be less, because the device will find a match sooner rather than later. Having said that, most devices are very good at processing ACLs, so this is not something you should worry too much about.
Specific source IP addresses should be placed nearer the top than broad ones. If you do it the other way round, then there is the chance a match will be made on the broad entry when you wanted it on the specific one.
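To make the first-match behaviour and the "specific before broad" advice concrete, here is a small top-down ACL evaluator written as an added example for this thread (it is not code from the question or the answer). It uses a simplified, constructed Cisco-style entry syntax (`<action> <protocol> <source prefix>`, where `ip` matches any protocol and `any` matches any source) rather than real IOS parsing, and the ACLs and addresses are made up for illustration. `evaluate` returns the first matching action and line index, falling back to the implicit deny; `find_shadowed` flags lines that can never match because an earlier, broader line always wins.

```python
import ipaddress

# Constructed ACLs in a simplified Cisco-style syntax (assumption, not real IOS parsing):
# "<action> <protocol> <source prefix>"; protocol "ip" covers every protocol, "any" covers every source.
WRONG_ORDER = [
    "permit ip 10.0.0.0/8",     # broad entry first: the specific deny below can never match
    "deny ip 10.0.5.0/24",
]
RIGHT_ORDER = [
    "deny ip 10.0.5.0/24",      # specific entry first, so it is reached before the broad permit
    "permit ip 10.0.0.0/8",
]
MIXED = [                       # protocol-specific lines, as asked about in the question
    "permit icmp any",
    "deny ip 10.0.5.0/24",
    "permit tcp 10.0.0.0/8",
    "permit udp 10.0.0.0/8",
]


def parse_entry(line):
    """Split one constructed entry into (action, protocol, network-or-None for 'any')."""
    action, proto, src = line.split()
    net = None if src == "any" else ipaddress.ip_network(src)
    return action, proto, net


def matches(entry, proto, src_ip):
    """True if a packet with this protocol and source address matches the entry."""
    _, e_proto, e_net = entry
    if e_proto != "ip" and e_proto != proto:
        return False
    return e_net is None or ipaddress.ip_address(src_ip) in e_net


def evaluate(acl, proto, src_ip):
    """Top-down, first-match evaluation: returns (action, index) of the first hit,
    or ('deny', None) for the implicit deny at the end of the list."""
    for idx, line in enumerate(acl):
        entry = parse_entry(line)
        if matches(entry, proto, src_ip):
            return entry[0], idx
    return "deny", None


def covers(earlier, later):
    """True if every packet matched by 'later' would already be matched by 'earlier'."""
    _, e_proto, e_net = earlier
    _, l_proto, l_net = later
    proto_ok = e_proto == "ip" or e_proto == l_proto
    if e_net is None:
        net_ok = True
    elif l_net is None:
        net_ok = False
    else:
        net_ok = l_net.subnet_of(e_net)
    return proto_ok and net_ok


def find_shadowed(acl):
    """Indexes of entries that can never be hit because an earlier entry covers them."""
    entries = [parse_entry(line) for line in acl]
    shadowed = []
    for j, later in enumerate(entries):
        if any(covers(entries[i], later) for i in range(j)):
            shadowed.append(j)
    return shadowed


if __name__ == "__main__":
    # A host in 10.0.5.0/24 is permitted by the broad line in WRONG_ORDER and denied in RIGHT_ORDER.
    print(evaluate(WRONG_ORDER, "tcp", "10.0.5.7"))   # ('permit', 0)
    print(evaluate(RIGHT_ORDER, "tcp", "10.0.5.7"))   # ('deny', 0)
    print(find_shadowed(WRONG_ORDER))                 # [1]: the specific deny is unreachable
    print(evaluate(MIXED, "icmp", "10.0.5.7"))        # ('permit', 0): icmp line matches first
    print(evaluate(MIXED, "tcp", "10.0.5.7"))         # ('deny', 1)
```

Running `find_shadowed` over a list before deploying it is the check that catches the "broad above specific" mistake the answer warns about; a shadowed line is a sign the order, not the device, is the problem.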