
Access List.

Anonymous
September 22, 2005 11:15:39 PM

Archived from groups: comp.security.firewalls (More info?)

Hi,

Are the Access Lists on my 2701 router the same as PIX 501 (6.3 ver)??

Mucho appreciated.


Anonymous
September 23, 2005 8:45:45 AM


In article <1127441738.956071.3210@g44g2000cwa.googlegroups.com>,
<kennylee88@gmail.com> wrote:
: Are the Access Lists on my 2701 router the same as PIX 501 (6.3 ver)??

Cisco doesn't have a 27xx model line. If you are referring to a 2701
model from a different manufacturer, we need to know which
manufacturer.

Cisco used to offer 1601 and 2501 routers (but not 2601 or 3601.) Cisco still
offers a 1701 ADSL router; those aren't all that common. There is also
the relatively new Cisco 2801 router.

Access lists on the Cisco 1601, 2501, and 2801 router are NOT the
same as access lists on the PIX 501 -- but they are fairly
similar.

Access lists on the PIX use netmask style masks. Access lists
on Cisco's routers use "wildcard masks", which are 2's complement
of the netmask style.

access-list 110 permit ip 10.20.30.0 255.255.255.0 any
access-list 120 permit ip 10.20.30.0 0.0.0.255 any

110 is PIX style, 120 is IOS style.


Access lists on the PIX can be named or numbered, and there is
no special significance to the name or number (a number is just
an unusual name.)

Standard and extended access lists on Cisco's IOS are numbered,
and the number has significance. Standard access lists under IOS
do not look similar to PIX's access-lists. Extended access lists
under IOS have a fair bit in common with PIX access lists.
Cisco also offers named access lists that use a different syntax.

access-lists on PIX can use object-groups. I don't know if
object-groups have made it into any IOS version yet.

access-lists on IOS can reference various TCP flags.
access-lists on PIX through 6.x cannot reference any TCP flags.

Logging options are different between the two.

There are probably other differences as well.
--
"No one has the right to destroy another person's belief by
demanding empirical evidence." -- Ann Landers
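
The netmask versus wildcard-mask difference described in the post above, as an added example that is not part of the original post: a small Python converter that rewrites each address/mask pair in an extended ACL line by inverting the mask bits, and rejects a mask that is not a contiguous netmask on the PIX side. The function names are hypothetical; the sample line is the PIX-style one from the post.

```python
import ipaddress

def _is_quad(tok):
    """True if tok parses as a dotted-quad IPv4 address or mask."""
    try:
        ipaddress.IPv4Address(tok)
        return True
    except ValueError:
        return False

def invert_mask(mask):
    """Flip every bit: netmask 255.255.255.0 <-> wildcard 0.0.0.255."""
    return str(ipaddress.IPv4Address(int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF))

def is_netmask(mask):
    """True if mask is contiguous one-bits followed by zero-bits."""
    inv = int(ipaddress.IPv4Address(mask)) ^ 0xFFFFFFFF
    return inv & (inv + 1) == 0

def convert_acl(line, to):
    """Rewrite each 'address mask' pair in an ACL line (hypothetical helper).
    to='ios': netmask -> wildcard; to='pix': wildcard -> netmask.
    'host x', 'any', ports and keywords pass through unchanged."""
    if to not in ("ios", "pix"):
        raise ValueError("to must be 'ios' or 'pix'")
    tokens, out, i = line.split(), [], 0
    while i < len(tokens):
        pair = tokens[i:i + 2]
        if tokens[i] == "host" and len(pair) == 2:
            out += pair                      # single-host form carries no mask
            i += 2
        elif len(pair) == 2 and all(_is_quad(t) for t in pair):
            addr, mask = pair
            new_mask = invert_mask(mask)
            # The netmask side must be contiguous, whichever direction we go.
            netmask = mask if to == "ios" else new_mask
            if not is_netmask(netmask):
                raise ValueError(f"{addr} {mask}: no equivalent contiguous netmask")
            out += [addr, new_mask]
            i += 2
        else:
            out.append(tokens[i])
            i += 1
    return " ".join(out)

if __name__ == "__main__":
    # Sample line taken from the post above (PIX netmask style).
    print(convert_acl("access-list 110 permit ip 10.20.30.0 255.255.255.0 any", "ios"))
```

A `ValueError` when converting to IOS form can mean the line was already written with a wildcard mask; one when converting to PIX form means the IOS wildcard is non-contiguous and has no single netmask equivalent.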
Anonymous
September 23, 2005 1:14:35 PM


Man, sorry guys, waaaaaaaay tooo much drink.
Sorry, it's Cisco router 2621
November 5, 2013 10:38:21 PM

Anonymous said:
Man, sorry guys, waaaaaaaay tooo much drink.
Sorry, it's Cisco router 2621


Access lists are the same on a 2621 as they are on a PIX 500 series firewall.

Example: access-list outside permit tcp eq 80
access-list 10 permit ip 192.168.1.0 0.0.1.255
access-list 100 permit tcp host 10.10.1.2 0.0.0.255 host 172.16.1.2 eq telnet
access-list 100 deny any any

Always put deny any any after any ACL; this closes the list down and only allows what you permit.
November 6, 2013 5:27:00 AM

jakeBauer said:
Anonymous said:
Man, sorry guys, waaaaaaaay tooo much drink.
Sorry, it's Cisco router 2621


Access lists are the same on a 2621 as they are on a PIX 500 series firewall.

Example: access-list outside permit tcp eq 80
access-list 10 permit ip 192.168.1.0 0.0.1.255
access-list 100 permit tcp host 10.10.1.2 0.0.0.255 host 172.16.1.2 eq telnet
access-list 100 deny any any

Always put deny any any after any ACL; this closes the list down and only allows what you permit.


If you are going to dig up 8 yr old posts, at least put in correct information. The other answers are much more correct. A number of your sample access lists are completely invalid. And not knowing the real reason to put a deny at the end when there is an implied deny by default shows you have little understanding of access lists.

November 6, 2013 3:25:19 PM

bill001g said:
jakeBauer said:
Anonymous said:
Man, sorry guys, waaaaaaaay tooo much drink.
Sorry, it's Cisco router 2621


Access lists are the same on a 2621 as they are on a PIX 500 series firewall.

Example: access-list outside permit tcp eq 80
access-list 10 permit ip 192.168.1.0 0.0.1.255
access-list 100 permit tcp host 10.10.1.2 0.0.0.255 host 172.16.1.2 eq telnet
access-list 100 deny any any

Always put deny any any after any ACL; this closes the list down and only allows what you permit.


If you are going to dig up 8 yr old posts, at least put in correct information. The other answers are much more correct. A number of your sample access lists are completely invalid. And not knowing the real reason to put a deny at the end when there is an implied deny by default shows you have little understanding of access lists.



!