ACL - applied but not created
odaah
Member Posts: 15 ■□□□□□□□□□
Hi,
If an ACL (say, 100) is applied to an interface but not created, i.e. there are no entries in the ACL, how would the ASA behave?
1) Would there be a default deny, since the last statement is deny all?
2) Will there be a change in behavior based on where (interface / zone) it is applied?
Thanks for your answers
Comments
roghan Member Posts: 33 ■■□□□□□□□□
Hi,
If an ACL (say, 100) is applied to an interface but not created, i.e. there are no entries in the ACL, how would the ASA behave?
1) Would there be a default deny, since the last statement is deny all?
You can't apply an ACL that hasn't been created beforehand to an interface; you must first create an ACL, even without entries, and then you can apply it to an interface. In the "CCNA Security Booklet" book it is written: "once an ACL is created, at least one permit statement should be included or all traffic will be dropped once that ACL is applied to an interface".
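
A configuration check for the situation discussed in this thread, as an added example that is not part of any post here: it scans ASA-style configuration text for `access-group` bindings whose ACL has no entries, or has entries but no permit statement. The sample configuration, ACL names and addresses are constructed, and the function name `audit_acl_bindings` is hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample configuration (not taken from the thread).
SAMPLE_CONFIG = """\
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq 443
access-list OUTSIDE_IN extended deny ip any any
access-list DMZ_IN remark placeholder, rules to follow
access-list DMZ_IN extended deny ip any any
access-group OUTSIDE_IN in interface outside
access-group DMZ_IN in interface dmz
access-group INSIDE_IN in interface inside
"""

# An access-list line counts as an entry only if it carries permit or deny;
# remark lines are deliberately not counted.
ACE_RE = re.compile(
    r"^access-list\s+(\S+)\s+(?:line\s+\d+\s+)?(?:extended\s+|standard\s+)?(permit|deny)\b"
)
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+(in|out)\s+interface\s+(\S+)")


def audit_acl_bindings(config_text):
    """Return (acl, direction, interface, problem) for each suspect binding."""
    actions = defaultdict(list)  # ACL name -> permit/deny actions, in order
    bindings = []                # (acl, direction, interface)
    for raw in config_text.splitlines():
        line = raw.strip()
        ace = ACE_RE.match(line)
        if ace:
            actions[ace.group(1)].append(ace.group(2))
            continue
        group = GROUP_RE.match(line)
        if group:
            bindings.append(group.groups())

    findings = []
    for acl, direction, iface in bindings:
        if acl not in actions:
            findings.append((acl, direction, iface, "no entries defined"))
        elif "permit" not in actions[acl]:
            findings.append((acl, direction, iface, "no permit entry"))
    return findings


if __name__ == "__main__":
    for acl, direction, iface, problem in audit_acl_bindings(SAMPLE_CONFIG):
        print(f"{acl} ({direction} on {iface}): {problem}")
```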