Perimeter Router Access Lists
Posted on 2009-04-19
I want to configure ACLs on our edge routers, but I have some doubts about implementing them that I want to clarify. Although I've read through the Cisco docs on the basics of ACLs, I'm still not clear. I know I can get it cleared up by all the experts here.
We know that at the end of every permit ACL there is an implicit deny statement. Hence, if we implement only permit statements at the edge router, the rest of the traffic is automatically denied. My first question is:
a. What is the difference between the default implicit deny statement and writing ip deny any any? Does the latter make any qualitative difference compared to the former?
b. I need to permit the authorized traffic of the firewall, which is just behind the edge router, and deny the rest of the traffic. How can I do this?
c. How do I permit the stateful return traffic of the firewall on the edge router?
d. Can someone help me understand how to write perimeter ACLs in simple words?