permit icmp any xx.xxx.xxx.xx 0.0.0.7 packet-too-big
permit tcp any host xx.xxx.xxx.xx eq smtp
Can anyone tell me why all of those extra entries input themselves at the beginning of my access-list? Also, I tried clearing out the extra entries by removing the access-list and then recreating it, but it keeps all the entries and those entries override any additional changes I make to the access-list, as they are at the top. I had to change the access-list number in order for a couple of the rules to take effect. Thanks in advance.
Re: access-list appears to grow and grow and grow.......
Any extra lines above the lines you have created in your ACL are created by CBAC (the "ip inspect OUT out" line under the interface). Most likely this is how it is intended to be set up. Once you apply CBAC on the router, that is, "ip inspect OUT out" on the interface, it will create the dynamic holes by appending the ACL lines on top of your existing extended ACL. This is exactly what is happening in your case. If you remove the line "ip inspect OUT out", you may experience communication from inside to outside, as return traffic would be blocked from outside. So, either you have to leave CBAC on or you need to allow the return traffic from outside to inside. Please let me know if this is clear. Thanks,
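The two choices the reply describes, as an added configuration sketch that is not part of the original thread. Only `ip inspect OUT out` comes from the thread; the ACL numbers 101 and 102, the interface name, the inspected protocols and the 192.0.2.25 address are assumptions made for illustration.

```cisco
! Added example, not from the thread. ACL 101/102, GigabitEthernet0/0,
! the inspected protocols and 192.0.2.25 are constructed placeholders.
!
! Option 1: keep CBAC. The inbound ACL lists only what outsiders may
! initiate; CBAC opens temporary entries above it for return traffic.
ip inspect name OUT tcp
ip inspect name OUT udp
!
ip access-list extended 101
 permit tcp any host 192.0.2.25 eq smtp
 deny   ip any any
!
interface GigabitEthernet0/0
 ip access-group 101 in
 ip inspect OUT out
!
! To check: the temporary entries shown at the top of
!   show ip access-lists 101
! should correspond to live sessions listed by
!   show ip inspect sessions
! They are not saved in the configuration, which is why deleting and
! recreating the ACL does not clear them while sessions are active.
!
! Option 2: remove CBAC and permit return traffic statically.
! "established" matches only TCP segments with ACK or RST set, so it
! is stateless, and UDP replies (DNS here) need their own entries.
ip access-list extended 102
 permit tcp any any established
 permit udp any eq domain any
 permit tcp any host 192.0.2.25 eq smtp
 deny   ip any any
!
interface GigabitEthernet0/0
 no ip inspect OUT out
 ip access-group 102 in
```

Option 2 admits any inbound TCP segment that merely has ACK or RST set, so it filters less strictly than the per-session openings CBAC creates.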