RE: [fw-wiz] Cisco acls

• Previous message: Anthony de Boer: "Re: [fw-wiz] Username password VS hardware token plus PIN"
• In reply to: Eric Appelboom: "[fw-wiz] Cisco acls"
• Next in thread: Behm, Jeffrey L.: "RE: [fw-wiz] Cisco acls"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "'Eric Appelboom'" <eric@mweb.com>, <firewall-wizards@honor.icsalabs.com>
Date: Wed, 2 Mar 2005 10:11:46 +0100

That's right.

Also, as you paste in the ACL, the protection is applied incrementally (line
by line). A common mistake is to include a rule in the paste which kills the
connection you are pasting from - leading to "half pasted" ACLs.

I used to create new access lists as a separate number, change the 'ip
access-group blah in' statement on the interface where they are applied,
then delete the old one. Then again that's a while ago now, not sure if
there is a funkier way to do it these days.

Cheers,

ben

> -----Original Message-----
> From: firewall-wizards-admin@honor.icsalabs.com
> [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf
> Of Eric Appelboom
> Sent: Tuesday, March 01, 2005 4:53 PM
> To: firewall-wizards@honor.icsalabs.com
> Subject: [fw-wiz] Cisco acls
>
>
> Hi,
>
> I would appreciate some comments with regard to the extensive use of
> cisco routers acls
> To protect numerous networks.
>
> My concern is that when someone amends an access-list one generally
> enters, no access-list 177 and
> Then pastes in the new access list. Does this mean that for a
> period of
> time there is no protection on the
> Network that the acls applies?
>
> Best Regards
> Eric
> MWEB: S.A.'s trusted Internet Service Provider. Just Like that.
> To join, click here or call 08600 32000.
> _______________________________________________
> firewall-wizards mailing list
> firewall-wizards@honor.icsalabs.com
> http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

• Previous message: Anthony de Boer: "Re: [fw-wiz] Username password VS hardware token plus PIN"
• In reply to: Eric Appelboom: "[fw-wiz] Cisco acls"
• Next in thread: Behm, Jeffrey L.: "RE: [fw-wiz] Cisco acls"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: [fw-wiz] Cisco acls ... Each ACL has an implicit "access-list x deny ip any any" at the end. ... > Network that the acls applies? ... > Best Regards ... (Firewall-Wizards) RE: [fw-wiz] Cisco acls ... In my experience, I've only used ACLs on a router as a broad filter, ... contained the no access-group in, no access-list, etc. so you'd just ... (Firewall-Wizards) Re: [fw-wiz] Cisco acls ... If you have a tftp server handy you can tftp the modified ACLs section ... To answer your question, yes, manually pasting will leave your router ... > To protect numerous networks. ... (Firewall-Wizards) [fw-wiz] RE: Cisco acls ... A good solution is to create a NEW ACL with your new rules, and then apply that to the relevant interfaces. ... I would appreciate some comments with regard to the extensive use of ... To protect numerous networks. ... Network that the acls applies? ... (Firewall-Wizards) RE: [fw-wiz] Cisco acls ... In my experience, I've only used ACLs on a router as a broad filter, ... contained the no access-group in, no access-list, etc. so you'd just ... (Firewall-Wizards)