RE: [fw-wiz] Cisco acls

From: Ben Nagy (ben_at_iagu.net)
Date: 03/02/05

    To: "'Eric Appelboom'" <eric@mweb.com>, <firewall-wizards@honor.icsalabs.com>
    Date: Wed, 2 Mar 2005 10:11:46 +0100
    
    

    That's right.

    Also, as you paste in the ACL, the protection is applied incrementally (line
    by line). A common mistake is to include a rule in the paste which kills the
    connection you are pasting from - leading to "half pasted" ACLs.

    I used to create new access lists as a separate number, change the 'ip
    access-group blah in' statement on the interface where they are applied,
    then delete the old one. Then again that's a while ago now, not sure if
    there is a funkier way to do it these days.

    Cheers,

    ben

    > -----Original Message-----
    > From: firewall-wizards-admin@honor.icsalabs.com
    > [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf
    > Of Eric Appelboom
    > Sent: Tuesday, March 01, 2005 4:53 PM
    > To: firewall-wizards@honor.icsalabs.com
    > Subject: [fw-wiz] Cisco acls
    >
    >
    > Hi,
    >
    > I would appreciate some comments with regard to the extensive use of
    > Cisco router ACLs to protect numerous networks.
    >
    > My concern is that when someone amends an access-list one generally
    > enters "no access-list 177" and then pastes in the new access list.
    > Does this mean that for a period of time there is no protection on
    > the network that the ACL applies to?
    >
    > Best Regards
    > Eric
    > _______________________________________________
    > firewall-wizards mailing list
    > firewall-wizards@honor.icsalabs.com
    > http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
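
An added illustration, not part of the original message or of any Cisco tooling: a small Python model of a subset of numbered extended ACL syntax, showing the "half pasted" state described above and why building the list under a separate number and then repointing the interface avoids it. The addresses, the number 178 and the function names are constructed for the example; it assumes each entry is enforced as soon as it is entered, followed by the implicit deny.

```python
import ipaddress

def _addr(tok):
    """Consume one address spec (any | host A | A WILDCARD); return a matcher."""
    t = tok.pop(0)
    if t == "any":
        return lambda ip: True
    if t == "host":
        host = int(ipaddress.ip_address(tok.pop(0)))
        return lambda ip: ip == host
    base, wild = (int(ipaddress.ip_address(x)) for x in (t, tok.pop(0)))
    return lambda ip: (ip | wild) == (base | wild)  # wildcard bits are "don't care"

def parse_ace(line):
    """Parse 'access-list N permit|deny PROTO SRC DST [eq PORT]' (subset only)."""
    tok = line.split()[2:]  # the list number itself does not affect matching
    action, proto = tok.pop(0), tok.pop(0)
    src, dst = _addr(tok), _addr(tok)
    port = int(tok[1]) if tok[:1] == ["eq"] else None
    return action, proto, src, dst, port

def acl_permits(aces, flow):
    """First matching entry wins; anything unmatched hits the implicit deny."""
    proto, sip, dip, dport = flow
    for action, p, src, dst, port in aces:
        if p in ("ip", proto) and src(sip) and dst(dip) and port in (None, dport):
            return action == "permit"
    return False

def live_paste_trace(rules, flow):
    """Is `flow` permitted after each line typed into a list already on the interface?"""
    aces, trace = [], []
    for line in rules:
        aces.append(parse_ace(line))
        trace.append(acl_permits(aces, flow))
    return trace

def swap_permits(rules, flow):
    """Separate number, then repoint 'ip access-group': only the finished list is enforced."""
    return acl_permits([parse_ace(line) for line in rules], flow)

def flow(proto, src, dst, dport):
    return proto, int(ipaddress.ip_address(src)), int(ipaddress.ip_address(dst)), dport

# Constructed sample: admin 192.0.2.10 holds an SSH session to the router at 198.51.100.1.
ADMIN_SSH = flow("tcp", "192.0.2.10", "198.51.100.1", 22)
NEW_RULES = [
    "access-list 178 deny ip 10.0.0.0 0.255.255.255 any",
    "access-list 178 permit tcp host 192.0.2.10 host 198.51.100.1 eq 22",
    "access-list 178 permit ip any any",
]
```

In this model, `live_paste_trace(NEW_RULES, ADMIN_SSH)` shows the session denied after the first line, before the entry that would permit it has been entered, while `swap_permits` evaluates the same rules only as a finished list.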
