New Member

Access-List Problem in PIX


The problem that I am facing is that when I remove the access-list from the configuration, the PIX stops sending traffic outside, meaning the Internet stops working, but the access-list that I want to remove has nothing to do with Internet browsing, as it is related to the VPN, i.e. which traffic to encrypt and which not.

I also faced this problem at one of our customers. At that time the customer wanted to allow ping, so what I did at that time was:

Access-list sam permit icmp any any.

But after issuing this command, the Internet stopped working.

Has anyone come across this strange problem related to the access-list?



Cisco Employee

Re: Access-List Problem in PIX

Whenever you are going to make config changes that are VPN related, whether access-list, crypto or isakmp commands, you should first unapply the crypto map from the interface; otherwise, you experience this lock-up of the interface.

"no crypto map mapname interface ifname".


New Member

Re: Access-List Problem in PIX

If I understand you correctly, the problem isn't strange behavior of the access-list. You have to keep in mind that access-lists have an implicit "deny all" as the last statement. Thus, whatever you don't explicitly permit is denied. That's why, when you put the ICMP access-list on, you couldn't get to the Internet for browsing, etc.

Hope this helps
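
An added example, not part of the original thread and not Cisco code: a minimal Python model of first-match access-list evaluation with the implicit deny described in the reply above. It assumes the list is bound to an interface as a traffic filter; the `sam2` list, the addresses and the simplified entry syntax (no ports) are constructed for illustration.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")

def _take_addr(tok):
    """Consume one address spec: 'any', 'host A.B.C.D' or 'A.B.C.D MASK'."""
    if tok[0] == "any":
        return ANY, tok[1:]
    if tok[0] == "host":
        return ipaddress.ip_network(tok[1] + "/32"), tok[2:]
    return ipaddress.ip_network(tok[0] + "/" + tok[1]), tok[2:]

def parse_acl(lines):
    """Parse 'access-list NAME permit|deny PROTO SRC DST' entries, keeping order."""
    rules = []
    for line in lines:
        tok = line.lower().split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
            raise ValueError("unsupported entry: " + line)
        src, rest = _take_addr(tok[4:])
        dst, rest = _take_addr(rest)
        rules.append({"name": tok[1], "action": tok[2], "proto": tok[3],
                      "src": src, "dst": dst, "text": line})
    return rules

def evaluate(rules, name, proto, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if r["name"] != name:
            continue
        if r["proto"] in ("ip", proto) and s in r["src"] and d in r["dst"]:
            return r["action"], r["text"]
    return "deny", "implicit deny (no entry matched)"

# Constructed sample configuration and addresses (not from the thread).
CONFIG = [
    "access-list sam permit icmp any any",
    "access-list sam2 permit icmp any any",
    "access-list sam2 permit tcp 10.1.1.0 255.255.255.0 any",
]
RULES = parse_acl(CONFIG)

if __name__ == "__main__":
    for acl in ("sam", "sam2"):
        for proto in ("icmp", "tcp"):
            print(acl, proto, evaluate(RULES, acl, proto, "10.1.1.5", "198.51.100.10"))
```

With only the ICMP entry in `sam`, the TCP packet matches nothing and is dropped by the implicit deny; `sam2` permits it because an explicit TCP entry precedes the end of the list.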
