ACL - applied but not created

Hi,

If an ACL (say, 100) is applied to an interface but not created, ie no entries in the ACL. How would the ASA behave ?

1) Would there be a default deny since the last statement is deny all ?

2) Will there be a change in behavior based on where (interface / zone) where it is applied ?

Thanks for your answers

Find more posts tagged with

Comments

roghan

odaah wrote: »

Hi,

If an ACL (say, 100) is applied to an interface but not created, ie no entries in the ACL. How would the ASA behave ?

1) Would there be a default deny since the last statement is deny all ?

You can't apply an ACL, that didn't be created before, to an interface, but you must create an ACL, also without entries, and then you can apply its to an interface. In the "CCNA Security Booklet" book is written "once an ACL is created, al least one permit statement should be included or al traffic wil be dropped once that ACL is applied to an interface".

Quick Links

All Categories
Recent Posts
Activity
Unanswered
Groups
Best Of