PIX access-list versus access-group

Posted on 2007-08-08
Medium Priority
Last Modified: 2013-11-16
What is the difference between an access-list and and access-group?
Does an access-group apply to all access lists?  

Just trying to make sense of these commands.. Thanks
Question by:bandoafernandez
  • 2
LVL 32

Accepted Solution

rsivanandan earned 500 total points
ID: 19659435
An access-list is the conditional policy that you define as to what is allowed and what is not.

an access-group tells the pix on which interface the above access-list needs to be bound and in which direction.

So taking your old example;

access-list Outside_In permit tcp any host eq 80

access-group Outside_In in interface outside

Here the above access-list tells to allow all tcp connections from any host to host on port 80

Now, it needs to be bound to an interface so that the pix needs when to use this access-list for checking the traffic. So;

access-group <Name> <in/out> <interface> <inside/outside/dmz>

<Name> -> you already know it

<in/out> -> Tells whether to inspect the traffic if that is coming in (in) or going out (out) of that interface mentioned next

<inside/outside/dmz> -> Tells on which interface this needs to be applied.

LVL 32

Expert Comment

ID: 19663656
Did the info I provide help ?


Author Comment

ID: 19663689
Yes, absolutely.  Thanks so much for the clarification!

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot has fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The Internet has made sending and receiving information online a breeze. But there is also the threat of unauthorized viewing, data tampering, and phoney messages. Surprisingly, a lot of business owners do not fully understand how to use security t…
Phishing emails are a popular malware delivery vehicle for attack.  While there are many ways for an attacker to increase the chances of success for their phishing emails, one of the most effective methods involves spoofing the message to appear to …
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
Suggested Courses

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question