Junior-Auditor
asked on
ACL applied the wrong way on an Interface, what will happen
I have DMZ, INSIDE, OUTSIDE interfaces on my Cisco PIX firewall.
DMZAL access list applied on DMZ interface in
INSIDEAL access list applied on inside interface in
1- "access-list dmzAL extended permit ip interface DMZ interface inside"
2- "access-list dmzAL extended permit ip interface inside interface DMZ"
3- "access-list insideAL extended permit ip interface inside interface DMZ"
4- "access-list insideAL extended permit ip interface DMZ interface inside"
If I am not mistaken, 2 and 4 have no impact, since for "2" the source is inside and the dest is DMZ, which is not the way the access list DMZAL is applied (DMZ is source),
and the same applies with insideAL.
Am I mistaken or will there be some other access granted?
Typically this is how I set mine up....
ASA 5500 Adding a DMZ Step By Step
Pete