04-27-2010 05:08 PM - edited 03-11-2019 10:38 AM
dear experts,
hello
i know that the standard ACL syntax in the router we mention the SOURCE ip address,right?
but when i read a configuration guid file for the standard ACL in the ASA firewall in cisco.com i found that we mention the DESTINATION
ip address...
so this difference in the same type of ACL in the router and the ASA is right and logical ?
thanks for your reply,
labib makar
Solved! Go to Solution.
04-27-2010 06:38 PM
Hey labib,
I have not realized this until now!
I always use extended ACLs for everything and it's been a while since using a standard ACL.
You are 100% correct and on the ASA, the standard ACL is based on destination (not source) as opposed to IOS.
I've seen standard ACLs on ASA for split-tunneling and for OSPF configuration in route-maps.
Good one!
Federico.
04-27-2010 05:11 PM
Hi,
Standard ACLs always reference the source.
What is the document that you're referring to?
Federico.
04-27-2010 05:54 PM
hi federico,
first thanks for your reply
i sent you the link of the configuration guid that says that in cisco.com in one of the technical document.
and another print screen image from the book i'm reading that says the same. ( the name of the book in the title bar of the printed page)
thanks for your help
labib
http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/acl_standard.html#wp1056837
04-27-2010 06:38 PM
Hey labib,
I have not realized this until now!
I always use extended ACLs for everything and it's been a while since using a standard ACL.
You are 100% correct and on the ASA, the standard ACL is based on destination (not source) as opposed to IOS.
I've seen standard ACLs on ASA for split-tunneling and for OSPF configuration in route-maps.
Good one!
Federico.
04-27-2010 07:02 PM
ok federico it is clear for me now, thanks alot for your efforts
labib
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: