Changing an ACL on a Cisco Firewall
Although changing an ACL on a firewall is almost exactly like doing so on a router, there are a couple of nuances people should know. Here are some tips and best-practice notes.
1. When you remove an access-list, it is automatically removed from the interface as well. This is a nice change from routers, where you have the potential to lock yourself out while editing an applied list.
2. Firewalls don't use wildcard masks! Source and destination addresses take a normal subnet mask (note the 255.255.255.255 in the first example below).
3. Only one access-list per direction is allowed on an interface.
4. An access-list is applied (or re-applied) to an interface with the following syntax:
access-group [access-list name] [in / out] interface [interface name]
e.g. access-group outgoing out interface outside
5. It's a best practice to remove the entire access-list, edit it in Notepad, and then re-apply it to the interface.
6. As with all access-lists, the PIX evaluates the list from top to bottom and acts on the first match, so pay attention to the order in which you place your statements.
7. As with all access-lists, there is an implicit deny all at the end of every access-list.
8. The syntax for a normal access-list statement is:
access-list [access-list name / number] [permit / deny] [tcp / udp / icmp / ip, etc.] [source] [destination] eq [port]
e.g. # access-list 12 permit ip 192.168.1.10 255.255.255.255 any
# access-list 101 permit tcp any host 192.168.1.24 eq telnet
# access-list blocker deny icmp any any
# access-list acl_out permit tcp any host 192.168.1.50 eq 80
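As an added example (not from the original page), a small Python linter for the ACL text you edit offline in point 5 before re-applying it: it flags router-style wildcard masks (point 2) and statements that an earlier line already decides, so they can never match under top-to-bottom evaluation (point 6). The sample ACL and all function names are constructed for this example and assume the address forms shown above (any, host A, A MASK, optional eq port).

```python
import re
from ipaddress import IPv4Address, ip_network

# Constructed sample ACL (not from the page), as edited offline before re-applying it.
SAMPLE_ACL = """\
access-list acl_out permit tcp any host 192.168.1.50 eq 80
access-list acl_out permit tcp 10.1.1.0 0.0.0.255 host 192.168.1.24 eq 23
access-list acl_out deny icmp any any
access-list acl_out permit icmp 10.0.0.0 255.0.0.0 any
"""
LINE_RE = re.compile(r"^access-list\s+\S+\s+(permit|deny)\s+(\S+)\s+(.+)$")

def take_addr(tokens):  # consume 'any' | 'host A' | 'A MASK' -> (IPv4Network, rest)
    if tokens[0] == "any":
        return ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ip_network(tokens[1] + "/32"), tokens[2:]
    inv = int(IPv4Address(tokens[1])) ^ 0xFFFFFFFF  # a subnet mask is contiguous ones
    if inv & (inv + 1):  # so its complement is 2^k - 1; a wildcard like 0.0.0.255 is not
        raise ValueError(f"{tokens[1]} is a router wildcard; firewalls take subnet masks")
    return ip_network(f"{tokens[0]}/{tokens[1]}", strict=False), tokens[2:]

def parse_rule(line):
    m = LINE_RE.match(line.strip())
    if not m:
        raise ValueError("not an access-list statement")
    action, proto, rest = m.groups()
    src, rest = take_addr(rest.split())
    dst, rest = take_addr(rest)
    port = rest[1] if rest[:1] == ["eq"] else None
    return {"action": action, "proto": proto, "src": src, "dst": dst, "port": port}

def covers(a, b):  # first match wins: does earlier rule a match every packet rule b would?
    return (a["proto"] in ("ip", b["proto"]) and a["src"].supernet_of(b["src"])
            and a["dst"].supernet_of(b["dst"]) and a["port"] in (None, b["port"]))

def lint_acl(text):  # -> [(line_number, message)] for an ACL saved as text
    findings, rules = [], []
    for num, line in enumerate(text.splitlines(), 1):
        try:
            rule = parse_rule(line)
        except ValueError as exc:
            findings.append((num, str(exc)))
            continue
        shadow = next((n for n, prev in rules if covers(prev, rule)), None)
        if shadow:  # dead rule: the earlier line already decides every packet it names
            findings.append((num, f"never matched, shadowed by line {shadow}"))
        rules.append((num, rule))
    return findings
```

Running lint_acl(SAMPLE_ACL) reports line 2 (wildcard mask) and line 4 (the icmp permit sits below deny icmp any any, so it is dead).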