The downloaded ACL supersedes the existing ACL provided you use the "per-user-override" keyword.

With regards
Kings
CCNA,CCSP,CCNP,CCIP,CCIE 35914 (Security)

On Mon, Aug 13, 2012 at 10:24 PM, Karthik sagar <[email protected]> wrote:
> When we have downloadable ACLs with CTP, does the ASA merge the downloaded
> ACL with existing interface ACL or is it evaluated separately?
>
>
> My interface ACL :
> ASA1# show run access-list
> access-list ACLoutside extended permit icmp host 10.0.0.100 any
> access-list ACLoutside extended permit tcp any host 10.0.0.10 eq 443
> access-list ACLoutside extended permit tcp any host 10.0.0.100
> access-list ACLoutside extended permit tcp any any eq telnet
>
> I downloaded this ACL from ACS
>
> access-list #ACSACL#-IP-permittelneticmp-50292018; 2 elements (dynamic)
> access-list #ACSACL#-IP-permittelneticmp-50292018 line 1 extended permit
> icmp any any (hitcnt=0) 0xb3fbb06b
> access-list #ACSACL#-IP-permittelneticmp-50292018 line 2 extended permit
> tcp any any eq telnet (hitcnt=1) 0x60818a28
>
>
> Now, my https traffic to 10.0.0.10 would not pass through unless I cleared
> uauth.
>
> Regards,
> Karthik
>
> _______________________________________________
> For more information regarding industry leading CCIE Lab training, please
> visit www.ipexpert.com
>
> Are you a CCNP or CCIE and looking for a job? Check out
> www.PlatinumPlacement.com
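
The behaviour discussed in this thread, as an added example that is not part of either message and not Cisco code: a simplified first-match model of the two ACLs quoted above. It assumes that without "per-user-override" a flow must be permitted by both the interface ACL and the downloaded ACL, and that with the keyword the downloaded ACL alone decides for the authenticated user; the client address 192.0.2.50 and the function names are constructed for illustration.

```python
# Simplified model of ASA ACL evaluation for one user (added example).
ANY = None

# (protocol, source host, destination host, destination port); ANY = wildcard
INTERFACE_ACL = [            # ACLoutside, from the post
    ("icmp", "10.0.0.100", ANY, ANY),
    ("tcp", ANY, "10.0.0.10", 443),
    ("tcp", ANY, "10.0.0.100", ANY),
    ("tcp", ANY, ANY, 23),
]
DOWNLOADED_ACL = [           # #ACSACL#-IP-permittelneticmp-50292018, from the post
    ("icmp", ANY, ANY, ANY),
    ("tcp", ANY, ANY, 23),
]

def permits(acl, flow):
    """True if any permit entry matches; otherwise the implicit deny applies."""
    return any(all(r is ANY or r == f for r, f in zip(rule, flow)) for rule in acl)

def allowed(flow, user_acl=None, per_user_override=False):
    """Decide a flow for a user with (or without) a downloaded ACL."""
    if user_acl is None:                 # no uauth entry: interface ACL only
        return permits(INTERFACE_ACL, flow)
    if per_user_override:                # assumption: per-user ACL alone decides
        return permits(user_acl, flow)
    # assumption: without the keyword both ACLs must permit the flow
    return permits(INTERFACE_ACL, flow) and permits(user_acl, flow)

# Constructed flows from a hypothetical authenticated client 192.0.2.50
HTTPS = ("tcp", "192.0.2.50", "10.0.0.10", 443)
TELNET = ("tcp", "192.0.2.50", "10.0.0.10", 23)
PING = ("icmp", "192.0.2.50", "10.0.0.10", ANY)

if __name__ == "__main__":
    for name, flow in [("https", HTTPS), ("telnet", TELNET), ("ping", PING)]:
        print(name,
              "no-uauth:", allowed(flow),
              "dACL:", allowed(flow, DOWNLOADED_ACL),
              "dACL+override:", allowed(flow, DOWNLOADED_ACL, True))
```

In this model HTTPS to 10.0.0.10 is denied in both modes once the ACL is downloaded, so the ACL defined on ACS needs its own permit entry for every flow the authenticated user should keep.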
