Hi all, I haven't looked at PIXes before. I'm trying to interpret an
existing configuration. With 'outbound' access lists, is there an implied
'deny all' as per normal IOS access lists? The Cisco docs say:

- If there are no 'outbound' access lists, all outbound traffic is allowed
- If there is an access list, the rule that is the best match is used

What happens if there is no match?

E.g., if I have:
outbound  1 deny 10.10.0.0 255.255.0.0 0 0
outbound  1 permit 10.10.1.1 255.255.255.255 80 tcp
apply (inside) 1 outgoing_dest

And then try to connect out to 202.2.2.2, does the connection go through or
not?

In the docs Cisco recommend you put a 'deny all' rule first, so it seems
that there is no implied one?

Thanks in advance.

Darryl Luff
