PIX access-list versus access-group

What is the difference between an access-list and and access-group?
Does an access-group apply to all access lists?  

Just trying to make sense of these commands.. Thanks
Who is Participating?
rsivanandanConnect With a Mentor Commented:
An access-list is the conditional policy that you define as to what is allowed and what is not.

an access-group tells the pix on which interface the above access-list needs to be bound and in which direction.

So taking your old example;

access-list Outside_In permit tcp any host eq 80

access-group Outside_In in interface outside

Here the above access-list tells to allow all tcp connections from any host to host on port 80

Now, it needs to be bound to an interface so that the pix needs when to use this access-list for checking the traffic. So;

access-group <Name> <in/out> <interface> <inside/outside/dmz>

<Name> -> you already know it

<in/out> -> Tells whether to inspect the traffic if that is coming in (in) or going out (out) of that interface mentioned next

<inside/outside/dmz> -> Tells on which interface this needs to be applied.

Did the info I provide help ?

bandoafernandezAuthor Commented:
Yes, absolutely.  Thanks so much for the clarification!
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.