Yes, there is an implicit deny any any at the end. You can only apply one access-list per interface. If you attempt to place a second one, it will just replace the first one. (At least with 5.2 and earlier code.)
Best link I can give you is: http://www.cisco.com/warp/public/110/pix_command_ref.shtml

-----Original Message-----
From: george gittins [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, February 05, 2002 3:57 PM
To: [EMAIL PROTECTED]
Subject: access-list in pix 520 [7:34512]

access-list 1 deny ip 10.1.0.0 255.255.0.0 host X.X.X.X
access-group 1 in interface inside

Once I apply it I lose outside connectivity. I imagine that the same rules apply as routers, an explicit deny at the end, so I would have to place a allow ip any any at the end, right? Well, what if I'm creating another access-list 2, for example, too; should I also have to place another allow statement?

Any particular links referring to this issue would be greatly appreciated.
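The behaviour discussed in this thread, modelled as an added example that is not part of the original messages: first-match evaluation with an implicit deny, and one ACL per interface where a second binding replaces the first. The address 192.0.2.10 is a constructed placeholder for the host redacted as X.X.X.X, and `rule`, `evaluate` and `Interface` are hypothetical names for this sketch, not PIX commands.

```python
import ipaddress

# Constructed placeholder for the host the post redacts as X.X.X.X.
BLOCKED_HOST = "192.0.2.10"


def rule(action, src, dst):
    """Build one ACL entry; src and dst are 'any' or a CIDR string."""
    def net(spec):
        return ipaddress.ip_network("0.0.0.0/0" if spec == "any" else spec)
    return (action, net(src), net(dst))


def evaluate(acl, src, dst):
    """Return the action of the first matching entry, else the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return action
    return "deny"  # implicit "deny any any" at the end of every list


class Interface:
    """One inbound ACL per interface; a second binding replaces the first,
    as the reply describes for 5.2 and earlier code."""

    def __init__(self):
        self.acl = []

    def access_group(self, acl):
        self.acl = acl  # replaces, never merges

    def check(self, src, dst):
        return evaluate(self.acl, src, dst)


# The list as posted: a single deny, so everything else hits the implicit deny.
ACL_POSTED = [rule("deny", "10.1.0.0/16", BLOCKED_HOST + "/32")]
# The same list with an explicit permit after the deny.
ACL_FIXED = ACL_POSTED + [rule("permit", "any", "any")]
# A second list (constructed) that only permits another inside subnet.
ACL_SECOND = [rule("permit", "10.2.0.0/16", "any")]

if __name__ == "__main__":
    inside = Interface()
    for name, acl in (("posted", ACL_POSTED), ("fixed", ACL_FIXED),
                      ("second", ACL_SECOND)):
        inside.access_group(acl)
        print(name, inside.check("10.1.5.5", "198.51.100.7"),
              inside.check("10.1.5.5", BLOCKED_HOST))
```

Binding the second list drops the first list's deny entry as well as its permit, so each list has to carry every entry the interface needs.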

