<div>
Its difficult to answer, as I cant see the matching access-group statements?<br />
<br />
Typically this is how I set mine up....<br />
<br />
<a href="http://www.petenetlive.com/KB/Article/0000316.htm" rel="ugc">ASA 5500 Adding a DMZ Step By Step</a><br />
<br />
Pete
</div>


Its difficult to answer, as I cant see the matching access-group statements?

Typically this is how I set mine up....

ASA 5500 Adding a DMZ Step By Step [http://www.petenetlive.com/KB/Article/0000316.htm]

Pete

<div>
<div class="content wysiwyg-content">
I have DMZ, INSIDE, OUTSIDE interfaces on my cisco PIX firewall<br />
<br />
DMZAL access list &nbsp;applied on DMZ interface in<br />
INSIDEAL access list applied on inside interface in<br />
<br />
<br />
1- &quot;access-list dmzAL extended permit ip interface DMZ interface inside&quot; &nbsp; &nbsp; <br />
2- &quot;access-list dmzAL extended permit ip interface inside interface DMZ&quot;<br />
<br />
3- &quot;access-list insideAL extended permit ip interface inside interface DMZ&quot;<br />
4- &quot;access-list insideAL extended permit ip interface DMZ interface inside&quot;<br />
<br />
If I am not mistaken 2 and 4 have no impact since for &quot;2&quot; the source in inside and dest is DMZ which is not the way the access list DMZAL is applied (dmz is source)<br />
and same applied with insideAL.. <br />
<br />
Am I mistaken or will there be some other access granted? <br />
<br />

</div>
</div>


I have DMZ, INSIDE, OUTSIDE interfaces on my cisco PIX firewall

DMZAL access list  applied on DMZ interface in
INSIDEAL access list applied on inside interface in


1- "access-list dmzAL extended permit ip interface DMZ interface inside"     
2- "access-list dmzAL extended permit ip interface inside interface DMZ"

3- "access-list insideAL extended permit ip interface inside interface DMZ"
4- "access-list insideAL extended permit ip interface DMZ interface inside"

If I am not mistaken 2 and 4 have no impact since for "2" the source in inside and dest is DMZ which is not the way the access list DMZAL is applied (dmz is source)
and same applied with insideAL.. 

Am I mistaken or will there be some other access granted? 



ACL applied the wrong way on an Interface, what will happen

Cisco PIX is a dedicated hardware firewall appliance; the Cisco Adaptive Security Appliance (ASA) is a firewall and anti-malware security appliance that provides unified threat management and protection the PIX does not. Other Cisco devices and systems include routers, switches, storage networking, wireless and the software and hardware for PIX Firewall Manager (PFM), PIX Device Manager (PDM) and Adaptive Security Device Manager (ASDM).

Cisco

Hardware-based firewalls provide more sophisticated protection for inbound and outbound traffic than the simple Windows software firewall or the basic NAT firewalls found in routers. These devices implement techniques such as stateful packet inspection, deep packet inspection, and content filtering; and may include built-in antivirus and anti-malware protection.

Hardware Firewalls

A router is a networking device that forwards data packets between computer networks. Routers perform the "traffic directing" functions on the Internet. The most familiar type of routers are home and small office cable or DSL routers that simply pass data, such as web pages, email, IM, and videos between computers and the Internet. More sophisticated routers, such as enterprise routers, connect large business or ISP networks up to the powerful core routers that forward data at high speed along the optical fiber lines of the Internet backbone. Though routers are typically dedicated hardware devices, use of software-based routers has grown increasingly common.