1-2
Cisco ASA Series CLI Configuration Guide
Chapter 1 Adding a Standard Access Control List
Default Settings
•
•
Additional Guidelines and Limitations, page 1-2
Context Mode Guidelines
Supported in single context mode only.
Firewall Mode Guidelines
Supported in routed and transparent firewall modes.
IPv6 Guidelines
Supports IPv6.
Additional Guidelines and Limitations
The following guidelines and limitations apply for standard Access Lists:
•
Standard ACLs identify the destination IP addresses (not source addresses) of OSPF routes and can
be used in a route map for OSPF redistribution. Standard ACLs cannot be applied to interfaces to
control traffic.
•
To add additional ACEs at the end of the access list, enter another
access-list
command, specifying
the same access list name.
•
When used with the
access-group
command, the
deny
keyword does not allow a packet to traverse
the ASA. By default, the ASA denies all packets on the originating interface unless you specifically
permit access.
•
When specifying a source, local, or destination address, use the following guidelines:
–
Use a 32-bit quantity in four-part, dotted-decimal format.
–
Use the keyword
any
as an abbreviation for an address and mask of 0.0.0.0.0.0.0.0.
–
Use the
host
ip_address
option as an abbreviation for a mask of 255.255.255.255.
•
You can disable an ACE by specifying the keyword
inactive
in the
access-list
command.
Default Settings
lists the default settings for standard Access List parameters.
Table 1-1
Default Standard Access List Parameters
Parameters
Default
deny
The ASA denies all packets on the originating
interface unless you specifically permit access.
Access list logging generates system log message
106023 for denied packets. Deny packets must be
present to log denied packets.
Summary of Contents for 5505 - ASA Firewall Edition Bundle
Page 28: ...Glossary GL 24 Cisco ASA Series CLI Configuration Guide ...
Page 61: ...P A R T 1 Getting Started with the ASA ...
Page 62: ......
Page 219: ...P A R T 2 Configuring High Availability and Scalability ...
Page 220: ......
Page 403: ...P A R T 2 Configuring Interfaces ...
Page 404: ......
Page 499: ...P A R T 2 Configuring Basic Settings ...
Page 500: ......
Page 533: ...P A R T 2 Configuring Objects and Access Lists ...
Page 534: ......
Page 601: ...P A R T 2 Configuring IP Routing ...
Page 602: ......
Page 745: ...P A R T 2 Configuring Network Address Translation ...
Page 746: ......
Page 845: ...P A R T 2 Configuring AAA Servers and the Local Database ...
Page 846: ......
Page 981: ...P A R T 2 Configuring Access Control ...
Page 982: ......
Page 1061: ...P A R T 2 Configuring Service Policies Using the Modular Policy Framework ...
Page 1062: ......
Page 1093: ...P A R T 2 Configuring Application Inspection ...
Page 1094: ......
Page 1191: ...P A R T 2 Configuring Unified Communications ...
Page 1192: ......
Page 1333: ...P A R T 2 Configuring Connection Settings and QoS ...
Page 1334: ......
Page 1379: ...P A R T 2 Configuring Advanced Network Protection ...
Page 1380: ......
Page 1475: ...P A R T 2 Configuring Modules ...
Page 1476: ......
Page 1549: ...P A R T 2 Configuring VPN ...
Page 1550: ......
Page 1965: ...P A R T 2 Configuring Logging SNMP and Smart Call Home ...
Page 1966: ......
Page 2059: ...P A R T 2 System Administration ...
Page 2060: ......
Page 2098: ...1 8 Cisco ASA Series CLI Configuration Guide Chapter 1 Troubleshooting Viewing the Coredump ...
Page 2099: ...P A R T 2 Reference ...
Page 2100: ......