silly question

Discussion in 'Cisco' started by jason, Jul 28, 2005.

  1. jason

    jason Guest

    forgive the extremely simple question, it's been about 8 years since
    i've configured a PIX acl ruleset.

    is there a built-in default deny for all traffic between all hosts, or
    do you need to add that rule yourself?
     
    jason, Jul 28, 2005
    #1

  2. jason wrote:
    :forgive the extremely simple question, it's been about 8 years since
    :i've configured a PIX acl ruleset.

    :is there a built-in default deny for all traffic between all hosts, or
    :do you need to add that rule yourself?

    In PIX 5.x, 6.x, the default is to deny all new flows from
    a lower security level to a higher security level.

    In PIX 5.x, 6.x, there is no way to allow flows between two interfaces
    at the same security level.

    In PIX 5.x, 6.x, if an interface has no access-group applied to it,
    then the default is to allow all new flows to lower security levels.
    However, as soon as an access-group is applied to it, the default
    changes to implicitly deny any new flows which are not explicitly permitted.
    --
    This signature intentionally left... Oh, darn!
     
    Walter Roberson, Jul 28, 2005
    #2
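
The defaults described in the reply above, applied to a PIX 6.x-style configuration, as an added example that is not part of the original thread. The sample configuration, interface names and ACL name are constructed, and the script models only the defaults stated in the reply; it does not evaluate individual ACL entries or NAT/static requirements.

```python
import re

# Constructed sample PIX 6.x configuration fragment (not from the thread).
SAMPLE_CONFIG = """\
nameif ethernet0 outside security0
nameif ethernet1 inside security100
nameif ethernet2 dmz security50
nameif ethernet3 partner security50
access-list dmz_out permit tcp any any eq 80
access-group dmz_out in interface dmz
"""

NAMEIF = re.compile(r"^nameif\s+\S+\s+(\S+)\s+security(\d+)\s*$")
ACCESS_GROUP = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)\s*$")

def parse(config):
    """Return ({ifname: security level}, {ifname: ACL name}) from config text."""
    levels, acls = {}, {}
    for line in config.splitlines():
        line = line.strip()
        if m := NAMEIF.match(line):
            levels[m.group(1)] = int(m.group(2))
        elif m := ACCESS_GROUP.match(line):
            acls[m.group(2)] = m.group(1)
    return levels, acls

def default_for_new_flow(levels, acls, src, dst):
    """Default handling of a new flow entering on src and leaving via dst."""
    if levels[src] == levels[dst]:
        return "blocked: same security level"          # cannot be permitted in 5.x/6.x
    if src in acls:
        return f"implicit deny unless permitted by {acls[src]}"
    if levels[src] > levels[dst]:
        return "allowed: no access-group, higher to lower"
    return "denied: lower to higher"

def audit(config):
    """Map every ordered interface pair to its default verdict."""
    levels, acls = parse(config)
    return {(s, d): default_for_new_flow(levels, acls, s, d)
            for s in levels for d in levels if s != d}

if __name__ == "__main__":
    for (s, d), verdict in sorted(audit(SAMPLE_CONFIG).items()):
        print(f"{s:>8} -> {d:<8} {verdict}")
```

Interfaces reported as "allowed: no access-group, higher to lower" are the ones relying on the permissive default; binding any access-group to them switches that interface to implicit deny.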