George,

On PIX, only one ACL can be applied inbound on a given interface
(same as a router, except a router will allow one in and one out rule per
interface). There is an implicit deny at the end of the ACL, just like router IOS.
And PIX does not use wildcards; it uses a regular mask in the ACL.

-Keyur Shah-
CCIE# 4799 (Security; Routing and Switching)
css1,scsa,scna,mct,mcse,cni,mcne
Hello Computers
"Say Hello to Your Future!"
http://www.hellocomputers.com
Toll-Free: 1.877.794.3556 
"Now offering CCIE Security Lab Workbook and remote bootcamp,
http://www.hellocomputers.com/hellosuccess.html"
 



-----Original Message-----
From: george gittins [mailto:[EMAIL PROTECTED]] 
Sent: Tuesday, February 05, 2002 12:57 PM
To: [EMAIL PROTECTED]
Subject: access-list in pix 520 [7:34512]


access-list 1 deny ip 10.1.0.0 255.255.0.0 host X.X.X.X
access-group 1 in interface inside

Once I apply it I lose outside connectivity. I imagine that the same rules
apply as routers, an explicit deny at the end, so I would have to place an
allow ip any any at the end, right? Well, what if I'm creating another
access-list 2, for example, too; should I also have to place another allow
statement? Any particular links referring to this issue would be greatly
appreciated.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=34520&t=34512
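
Added example (not part of the original messages or of any Cisco tooling): a small first-match ACL evaluator showing why the single deny entry above cuts off all traffic once applied, and how a router wildcard maps to the regular mask PIX expects. The address 192.0.2.10 is a constructed stand-in for host X.X.X.X, and the other test addresses are constructed as well.

```python
import ipaddress

def wildcard_to_mask(wildcard):
    """IOS router wildcard (0.0.255.255) -> PIX-style regular mask (255.255.0.0)."""
    inverted = int(ipaddress.IPv4Address(wildcard)) ^ 0xFFFFFFFF
    return str(ipaddress.IPv4Address(inverted))

def matches(addr, net, mask):
    """True when addr falls inside net under a regular (non-wildcard) mask."""
    m = int(ipaddress.IPv4Address(mask))
    return (int(ipaddress.IPv4Address(addr)) & m) == (int(ipaddress.IPv4Address(net)) & m)

def evaluate(acl, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, s_net, s_mask, d_net, d_mask in acl:
        if matches(src, s_net, s_mask) and matches(dst, d_net, d_mask):
            return action
    return "deny"  # implicit deny at the end of every ACL

ANY = ("0.0.0.0", "0.0.0.0")   # 'any' is network 0.0.0.0 with mask 0.0.0.0
HOST = "192.0.2.10"            # constructed stand-in for host X.X.X.X

# The ACL as posted: a single deny entry, applied inbound on the inside interface.
acl_as_posted = [("deny", "10.1.0.0", "255.255.0.0", HOST, "255.255.255.255")]
# Same ACL with an explicit permit placed ahead of the implicit deny.
acl_with_permit = acl_as_posted + [("permit", *ANY, *ANY)]

if __name__ == "__main__":
    flows = (("10.1.5.5", HOST), ("10.1.5.5", "198.51.100.7"), ("10.2.0.9", "198.51.100.7"))
    for name, acl in (("as posted", acl_as_posted), ("with permit", acl_with_permit)):
        for src, dst in flows:
            print(f"{name:12} {src:>9} -> {dst:<13} {evaluate(acl, src, dst)}")
```

Every ACL carries its own implicit deny, so a second list would need its own permit entry as well.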