Default settings – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 17 Adding a Standard Access List


Context Mode Guidelines

Supported in single context mode only.

Firewall Mode Guidelines

Supported in routed and transparent firewall modes.

IPv6 Guidelines

Supports IPv6.

Additional Guidelines and Limitations

The following guidelines and limitations apply for standard Access Lists:

Standard ACLs identify the destination IP addresses (not source addresses) of OSPF routes and can
be used in a route map for OSPF redistribution. Standard ACLs cannot be applied to interfaces to
control traffic.

To add additional ACEs at the end of the access list, enter another access-list command, specifying
the same access list name.

When used with the access-group command, the deny keyword does not allow a packet to traverse
the ASA. By default, the ASA denies all packets on the originating interface unless you specifically
permit access.

When specifying a source, local, or destination address, use the following guidelines:

Use a 32-bit quantity in four-part, dotted-decimal format.

Use the keyword any as an abbreviation for an address and mask of 0.0.0.0 0.0.0.0.

Use the host ip_address option as an abbreviation for a mask of 255.255.255.255.

You can disable an ACE by specifying the keyword inactive in the access-list command.
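
The address rules above, modelled as an added Python example (not code from the Cisco guide): it expands any and host into address/mask pairs, rejects masks that are not network masks, and evaluates ACEs in the order they were entered against a route's destination address. The list name OSPF_REDIST and all addresses are constructed sample values; comparing only the destination address and returning deny when no ACE matches are simplifying assumptions of this sketch.

```python
import ipaddress

def parse_ace(line):
    """Parse: access-list NAME standard {permit|deny} {any | host IP | IP MASK}"""
    tok = line.split()
    if len(tok) < 5 or tok[0] != "access-list" or tok[2] != "standard":
        raise ValueError(f"not a standard ACE: {line!r}")
    name, action, spec = tok[1], tok[3], tok[4:]
    if action not in ("permit", "deny"):
        raise ValueError(f"bad action in: {line!r}")
    if spec == ["any"]:                         # any  -> 0.0.0.0 0.0.0.0
        addr, mask = "0.0.0.0", "0.0.0.0"
    elif len(spec) == 2 and spec[0] == "host":  # host -> mask 255.255.255.255
        addr, mask = spec[1], "255.255.255.255"
    elif len(spec) == 2:
        addr, mask = spec
    else:
        raise ValueError(f"bad address spec in: {line!r}")
    addr_i = int(ipaddress.IPv4Address(addr))   # rejects non dotted-decimal input
    mask_i = int(ipaddress.IPv4Address(mask))
    inverted = mask_i ^ 0xFFFFFFFF
    if inverted & (inverted + 1):               # one bits must be contiguous from the left
        raise ValueError(f"not a network mask: {mask}")
    return name, action, addr_i, mask_i

def load_acl(config, acl_name):
    """Collect the ACEs of one access list, in the order they were entered."""
    aces = [parse_ace(l) for l in config.splitlines() if l.strip()]
    return [a for a in aces if a[0] == acl_name]

def evaluate(aces, dest):
    """Return the action of the first ACE whose address/mask covers dest."""
    d = int(ipaddress.IPv4Address(dest))
    for _name, action, addr, mask in aces:
        if (d & mask) == (addr & mask):
            return action
    return "deny"  # assumption of this sketch: no match means not permitted

# Constructed sample: later lines with the same name append ACEs to the list.
SAMPLE = """\
access-list OSPF_REDIST standard deny host 10.1.1.1
access-list OSPF_REDIST standard permit 10.1.0.0 255.255.0.0
access-list OSPF_REDIST standard permit 192.168.5.0 255.255.255.0
"""

if __name__ == "__main__":
    acl = load_acl(SAMPLE, "OSPF_REDIST")
    for dest in ("10.1.1.1", "10.1.2.0", "192.168.5.0", "172.16.0.0"):
        print(dest, evaluate(acl, dest))
```

Because the first matching ACE decides, the deny host entry only takes effect when it is entered before the broader permit that also covers it.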

Default Settings

Table 17-1 lists the default settings for standard Access List parameters.

Table 17-1 Default Standard Access List Parameters

Parameters    Default
deny          The ASA denies all packets on the originating interface unless you
              specifically permit access.

              Access list logging generates system log message 106023 for denied
              packets. Deny packets must be present to log denied packets.
