Been a while since I had to config a PIX. When an access-list exists and is attached to an interface with the access-group command, what are the rules for adding a line to the list? Can I just add a line - where in the list does it end up? There is no deny all explicitly configured in the access-list.
Re: PIX 525 - adding a line to existing access list
The rules are: add a line OK. Delete a line = bad. It will wipe out your ACL and remove the access-group from the interface.
Copy your existing ACL into a text editor and add the additional line just to be safe. It is okay to copy everything back; it won't affect anything this way. And there is a Deny all at the end, but you may not see it.
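The question of where an added line ends up matters because ACLs are evaluated first match wins. The following is an added example, not part of the original thread: a small Python model that assumes an entry typed without a line number is appended to the end of the list, and checks whether an earlier entry already shadows it. The rule tuples, function names and addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample ACL (documentation address ranges), modelled as
# (action, protocol, source, destination, dest_port); None means any port.
ACL = [
    ("permit", "tcp", "0.0.0.0/0", "192.0.2.10/32", 80),
    ("deny",   "tcp", "0.0.0.0/0", "192.0.2.0/24", None),
]

def covers(rule, other):
    """True if `rule` matches every packet that `other` matches."""
    _, proto, src, dst, port = rule
    _, o_proto, o_src, o_dst, o_port = other
    return (proto in ("ip", o_proto)
            and ipaddress.ip_network(o_src).subnet_of(ipaddress.ip_network(src))
            and ipaddress.ip_network(o_dst).subnet_of(ipaddress.ip_network(dst))
            and (port is None or port == o_port))

def append_ace(acl, new_rule):
    """Append like an entry added without a line number; report shadowing.

    Returns (new_acl, index of the first earlier entry that covers it, or None).
    """
    shadow = next((i for i, r in enumerate(acl) if covers(r, new_rule)), None)
    return acl + [new_rule], shadow

def evaluate(acl, proto, src, dst, port):
    """First match wins; fall through to the implicit deny at the end."""
    pkt = ("", proto, f"{src}/32", f"{dst}/32", port)
    for rule in acl:
        if covers(rule, pkt):
            return rule[0]
    return "deny"  # implicit deny, not shown in the configuration

if __name__ == "__main__":
    new = ("permit", "tcp", "0.0.0.0/0", "192.0.2.20/32", 443)
    acl, shadow = append_ace(ACL, new)
    print("appended at position", len(acl) - 1, "shadowed by entry", shadow)
    print(evaluate(acl, "tcp", "198.51.100.5", "192.0.2.20", 443))
```

A non-`None` shadow index means the appended permit will never be reached, so the new line has to be placed above the covering entry instead of at the end.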