Access-List Behavior Differences

Hi All,

Access lists on a PIX act a little differently; permit, for example, means permit the specific traffic to be translated, etc. What about access lists on a 2600 router that has VPN traffic, say in a site-to-site between a 506E and a 2600 router? How does the router distinguish between the two types of actions? Cheers.


Re: Access-List Behavior Differences


AFAIK we normally use ACLs as a classifying or matching tool so that we can configure the actions accordingly.

We basically match for numerous purposes based on our requirements, some of them being NAT (translations), encrypting, either permitting or dropping, and policy-based routing.

We use them in NAT statements to permit which networks have to be NATted, and in IPsec we reference them as the interesting traffic to which the necessary encryption has to be applied.

Again, we use them to block/permit traffic by configuring access-groups under the interfaces, which basically involves access-lists.

Also in PBR, where we match some source networks using ACLs and route them accordingly as per our wish or our requirements, to avoid congestion or to give priority to that network.
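
The four uses listed in the reply above, as an added IOS configuration sketch that is not part of the original thread: the router tells the actions apart by which command references the ACL, not by the ACL itself. Addresses, interface names, the crypto map name `VPN`, the transform-set name `TS` and the route-map name `PBR` are constructed for illustration; the ISAKMP policy and pre-shared key are assumed to be configured elsewhere.

```cisco
! Constructed addressing: router LAN 10.1.1.0/24, PIX 506E LAN 10.2.2.0/24,
! router outside 192.0.2.1, PIX outside 192.0.2.2.

! ACL 101 is referenced by the crypto map: permit = "encrypt this traffic"
access-list 101 permit ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255

! ACL 102 is referenced by NAT: permit = "translate", deny = "leave untranslated"
! The VPN flow is denied here so it reaches the tunnel with its real addresses.
access-list 102 deny   ip 10.1.1.0 0.0.0.255 10.2.2.0 0.0.0.255
access-list 102 permit ip 10.1.1.0 0.0.0.255 any

! ACL 103 is referenced by ip access-group: permit = forward, deny = drop
access-list 103 deny   tcp 10.1.1.0 0.0.0.255 any eq telnet
access-list 103 permit ip any any

! ACL 104 is referenced by a route-map: permit = "apply the set clause"
access-list 104 permit ip 10.1.1.0 0.0.0.127 any

crypto ipsec transform-set TS esp-3des esp-sha-hmac
crypto map VPN 10 ipsec-isakmp
 set peer 192.0.2.2
 set transform-set TS
 match address 101

ip nat inside source list 102 interface FastEthernet0/1 overload

route-map PBR permit 10
 match ip address 104
 set ip next-hop 192.0.2.254

interface FastEthernet0/0
 description inside (LAN)
 ip address 10.1.1.1 255.255.255.0
 ip nat inside
 ip access-group 103 in
 ip policy route-map PBR

interface FastEthernet0/1
 description outside (towards the PIX)
 ip address 192.0.2.1 255.255.255.0
 ip nat outside
 crypto map VPN
```

Only ACL 103 ever drops a packet; a `deny` in 101, 102 or 104 just means the packet is not selected for that feature and is forwarded normally.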

