Firewall Wizards mailing list archives
Re: PIX - acl breaks implicit outbound rule
From: "Richard Shaw" <richard () aggress net>
Date: Thu, 24 May 2007 09:11:09 +0100
Cheers Paul,

Yeah the most obvious solution was in fact the correct solution. I put the rule back in manually and all appeared fine. But then the whole PIX hung and I had to reboot it, whoops :)

On 5/23/07, Paul Melson <pmelson () gmail com> wrote:

> However, it replaces the implicit outbound rule for Interface2 and breaks all other outbound traffic on
> the interface. My question is, what can I append to the above access group to put the outbound rule
> back in?

As far as I know, you can't. You will need to explicitly declare the previously implied rule:

access-list Interface2toInterface1 deny ip 10.0.5.0 netmask 255.255.255.0 10.0.0.0 255.0.0.0 any
access-list Interface2toInterface1 permit ip 10.0.5.0 netmask 255.255.255.0 any

PaulM
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
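The behaviour discussed in this message, as an added example that is not part of the original thread and is not PIX code: a simplified first-match model showing why an ACL bound to the interface replaces the implicit outbound rule, and why the explicit permit must follow the deny. The networks come from the reply above; the deny-only ACL, the sample flows and all function names are constructed for illustration.

```python
import ipaddress

# Constructed model of the two entries in the reply: (action, source net, destination net).
DENY_INTERNAL = ("deny", "10.0.5.0/24", "10.0.0.0/8")
PERMIT_REST = ("permit", "10.0.5.0/24", "0.0.0.0/0")

DENY_ONLY = [DENY_INTERNAL]               # assumed shape of an ACL that breaks outbound traffic
FIXED = [DENY_INTERNAL, PERMIT_REST]      # order given in the reply
REVERSED = [PERMIT_REST, DENY_INTERNAL]   # same entries, wrong order

# Constructed sample flows: (source address, destination address).
FLOWS = {
    "internet": ("10.0.5.20", "192.0.2.80"),
    "internal": ("10.0.5.20", "10.0.0.15"),
    "other_source": ("10.0.9.7", "192.0.2.80"),
}


def evaluate(acl, src, dst):
    """Return (action, reason) for one flow leaving the interface.

    acl=None models an interface with no access group bound, where the
    implicit outbound rule still applies. Once any ACL is bound, entries
    are checked top-down and unmatched traffic hits the implicit deny.
    """
    if acl is None:
        return "permit", "implicit outbound rule"
    src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for index, (action, src_net, dst_net) in enumerate(acl, 1):
        if (src_ip in ipaddress.ip_network(src_net)
                and dst_ip in ipaddress.ip_network(dst_net)):
            return action, f"entry {index}"
    return "deny", "implicit deny"


def audit(acl):
    """Evaluate every sample flow against one ACL."""
    return {name: evaluate(acl, src, dst) for name, (src, dst) in FLOWS.items()}


if __name__ == "__main__":
    for label, acl in [("no ACL", None), ("deny only", DENY_ONLY),
                       ("fixed", FIXED), ("reversed", REVERSED)]:
        print(label, audit(acl))
```

Running the same audit against a candidate ACL before binding it shows both failure modes: a missing permit drops all other outbound traffic, and a permit placed ahead of the deny lets the internal flow through.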
Current thread:
- PIX - acl breaks implicit outbound rule Richard Shaw (May 23)
- Re: PIX - acl breaks implicit outbound rule Paul Melson (May 23)
- Re: PIX - acl breaks implicit outbound rule Richard Shaw (May 25)
- Re: PIX - acl breaks implicit outbound rule James (May 25)
- Re: PIX - acl breaks implicit outbound rule Paul Melson (May 23)
