ACL - applied but not created

odaah Member Posts: 15
Hi,

If an ACL (say, 100) is applied to an interface but not created, i.e. there are no entries in the ACL, how would the ASA behave?

1) Would there be a default deny since the last statement is deny all?

2) Will there be a change in behavior based on where (interface / zone) it is applied?

Thanks for your answers

Comments

  • roghan Member Posts: 33
    odaah wrote: »
    Hi,

    If an ACL (say, 100) is applied to an interface but not created, i.e. there are no entries in the ACL, how would the ASA behave?

    1) Would there be a default deny since the last statement is deny all?

    You can't apply an ACL that wasn't created beforehand to an interface; you must first create an ACL, even without entries, and then you can apply it to an interface. In the "CCNA Security Booklet" book it is written: "once an ACL is created, at least one permit statement should be included or all traffic will be dropped once that ACL is applied to an interface".