Cisco Support Community

New Member


The procedure to add a new entry in an access list:

1) no access-list dmz deny ip any any

(make changes)

2) If there is no entry access-list dmz deny ip any any

then can use no access-list dmz deny ip any any

(make changes)

or compile the whole ACL


Re: FWSM 2.3 ACL

ipv6 access-list id [line num] {permit | deny} protocol source [src_port] destination [dst_port]

id: The name of the access list. Use the same id in each command when you are entering multiple entries for an access list.

line num: When adding an entry to an access list, you can specify the line number in the list where the entry should appear.

permit | deny: Determines whether the specified traffic is blocked or allowed to pass.

icmp: Indicates that the access list entry applies to ICMP traffic.

protocol: Specifies the traffic being controlled by the access list entry. This can be the name (ip, tcp, or udp) or number (1-254) of an IP protocol. Alternatively, you can specify a protocol object group using object-group grp_id.

source and destination: Specifies the source or destination of the traffic. The source or destination can be an IPv6 prefix, in the format prefix/length, to indicate a range of addresses, the keyword any, to specify any address, or a specific host designated by host host_ipv6_addr.

src_port and dst_port: The source and destination port (or service) argument. Enter an operator (lt for less than, gt for greater than, eq for equal to, neq for not equal to, or range for an inclusive range) followed by a space and a port number (or two port numbers separated by a space for the range
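
The effect of the line num argument described in the reply above, as an added example that is not part of the original thread or Cisco's code: a simplified first-match model shows why an entry appended after deny ip any any never matches, and how inserting it at a line number before that entry fixes it. Assumptions: entries carry only protocol, source and destination (ports and the host keyword are omitted), the function names are hypothetical, and the addresses are constructed documentation prefixes.

```python
import ipaddress

# Simplified model: an entry is (action, protocol, source, destination) and the
# first matching entry wins. Ports and the `host` keyword are left out.
def covers(spec, other):
    """True when prefix `spec` (or 'any') contains every address in `other`."""
    if spec == "any":
        return True
    if other == "any":
        return False
    a, b = ipaddress.ip_network(spec), ipaddress.ip_network(other)
    return a.version == b.version and b.subnet_of(a)

def evaluate(acl, proto, src, dst):
    """Return (line, action) of the first matching entry, or implicit deny."""
    for line, (action, e_proto, e_src, e_dst) in enumerate(acl, start=1):
        if e_proto in ("ip", proto) and covers(e_src, src) and covers(e_dst, dst):
            return line, action
    return None, "deny"

def insert_entry(acl, entry, line=None):
    """Insert at 1-based `line` (the `line num` argument); append when omitted."""
    new = list(acl)
    new.insert(len(new) if line is None else line - 1, entry)
    return new

def shadowed_lines(acl):
    """Lines that can never match because an earlier entry already covers them."""
    hidden = []
    for idx, (_, proto, src, dst) in enumerate(acl):
        for _, p, s, d in acl[:idx]:
            if p in ("ip", proto) and covers(s, src) and covers(d, dst):
                hidden.append(idx + 1)
                break
    return hidden

# Constructed sample ACL using documentation prefixes (2001:db8::/32).
BASE = [("permit", "tcp", "2001:db8:1::/64", "any"),
        ("deny", "ip", "any", "any")]
NEW = ("permit", "udp", "2001:db8:2::/64", "any")

APPENDED = insert_entry(BASE, NEW)         # lands after deny ip any any
PLACED = insert_entry(BASE, NEW, line=2)   # lands before deny ip any any

if __name__ == "__main__":
    flow = ("udp", "2001:db8:2::10", "2001:db8:ff::1")
    for name, acl in (("appended", APPENDED), ("line 2", PLACED)):
        print(name, "shadowed:", shadowed_lines(acl), "result:", evaluate(acl, *flow))
```

Running a shadowed-entry check like this over an exported ACL after each change catches permits that were added below a catch-all deny.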
