How does this ACL work?

jibbajabba Member Posts: 4,317
Would anyone be so kind as to explain how this ACL works? For example, in what order the ACLs are processed?
access-list 1 remark INSIDE_IF=Vlan1
access-list 1 remark SDM_ACL Category=2
access-list 1 permit
access-list 100 remark SDM_ACL Category=4
access-list 100 remark IPSec Rule
access-list 100 permit ip
access-list 101 remark SDM_ACL Category=2
access-list 101 remark IPSec Rule
access-list 101 deny   ip
access-list 101 remark IPSec Rule
access-list 101 deny   ip
access-list 101 permit ip any
access-list 102 remark SDM_ACL Category=4
access-list 102 remark IPSec Rule
access-list 102 permit ip
dialer-list 1 protocol ip permit
no cdp run
route-map SDM_RMAP_1 permit 1
 match ip address 101

The router is (single VLAN on all Ethernet ports), it has a VPN to and

My understanding...

Rule 100 allows traffic to (VPN), rule 101 allows traffic to the Internet (but denies traffic which is intended for the two remote VPN networks), then rule 102 allows traffic to

What do the "route-map permit 1" and "match ip address 101" lines mean? Is ACL 1 not redundant given ACL 101?

Everything works, I'm just trying to understand what order things happen in.


  • EdTheLad Member Posts: 2,111
    Use the Cisco forums for Cisco questions!

    Route-map SDM_RMAP_1 permit 1:
    SDM_RMAP_1 is the name of the route-map
    permit 1 means this is the first line of the route-map, the 1 is a variable which allows you to modify the command position after the route-map is created.
    match ip address 101, means match access-list 101.

    I'm sure if you went to google "cisco route-map" you would have found this explanation.
    Networking, sometimes I love it, mostly I hate it. It's all about the $$$$
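
The evaluation order asked about in this thread, as an added example that is not part of either post: a small Python model of how an ACL shaped like 101 is walked top-down with the first match winning, and how a route-map clause that matches on that ACL uses the result. The networks are constructed stand-ins because the thread's real addresses are not shown, and the function names are hypothetical.

```python
import ipaddress

# Constructed stand-ins: the thread's real networks are not shown.
# CIDR prefixes are used here instead of IOS wildcard masks.
LAN = "192.168.1.0/24"
ACL_101 = [  # (action, source, destination), same shape as the posted ACL 101
    ("deny", LAN, "10.10.0.0/16"),   # remote VPN network A (constructed)
    ("deny", LAN, "10.20.0.0/16"),   # remote VPN network B (constructed)
    ("permit", LAN, "0.0.0.0/0"),    # everything else from the LAN
]
ACLS = {101: ACL_101}
SDM_RMAP_1 = [(1, "permit", 101)]    # (sequence, clause action, matched ACL)


def acl_verdict(acl, src, dst):
    """Walk the entries top-down; the first entry that matches decides."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action
    return "deny"  # implicit "deny any" at the end of every ACL


def route_map_match(clauses, acls, src, dst):
    """Try clauses in ascending sequence number.

    A clause matches only if its ACL permits the packet; an ACL deny means
    "this clause does not match", so the next clause is tried. Returns the
    sequence number of the permit clause that matched, or None (a matching
    deny clause, or no match at all, both end in None).
    """
    for seq, action, acl_id in sorted(clauses):
        if acl_verdict(acls[acl_id], src, dst) == "permit":
            return seq if action == "permit" else None
    return None


if __name__ == "__main__":
    for dst in ("203.0.113.5", "10.10.5.5", "10.20.7.7"):
        print(dst, acl_verdict(ACL_101, "192.168.1.10", dst),
              route_map_match(SDM_RMAP_1, ACLS, "192.168.1.10", dst))
```

Moving the `permit` entry above the two `deny` entries would make it match VPN-bound traffic first, which is why entry order inside an ACL matters more than the ACL's number.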