Thanks Priscilla, the "first example permits TCP coming into the outside interface. The second example permits traffic coming into the inside interface." made the concept clear.
Thanks again.

Ismail Al-Shelh
Abdulla Fouad Company
Network Engineer
CD-Dammam

-----Original Message-----
From: Priscilla Oppenheimer [mailto:[EMAIL PROTECTED]]
Sent: Monday, February 10, 2003 10:37 PM
To: [EMAIL PROTECTED]
Subject: RE: access-group difference [7:62769]

This must be on PIX? The syntax isn't quite right for IOS.

Ismail Al-Shelh wrote:
>
> Can someone explain the difference between the following access-group
> commands and the impact of each access-list bound with those interfaces?
>
> access-list acl_in permit tcp any any

The "acl_in" is just a name for the access list. You can call it anything you want. This is permitting TCP with any source and destination address.

> access-group acl_out in interface outside

This wouldn't do anything because the name "acl_out" doesn't exist. Was that a typo?

>
> and
>
> Access-list acl_in permit tcp any any
> access-group acl_in in interface inside

PIX access lists are always for traffic coming into the specified interface, from what I can tell. The "in interface" is part of the command. It's not optional.

So, do you want to permit TCP traffic coming into the outside interface, or do you want to permit TCP traffic coming into the inside interface? "Coming into" refers to traffic from the connected network entering the interface, as opposed to traffic sent by the interface, which would be "out" on Cisco IOS.

Your first example permits TCP coming into the outside interface. The second example permits traffic coming into the inside interface.

_______________________________
Priscilla Oppenheimer
www.troubleshootingnetworks.com
www.priscilla.com

>
> Regards,
> Ismail Al-Shelh
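The name mismatch discussed in the thread (an access-group that points at an access-list that was never defined) can be caught mechanically. The following is an added example, not part of the original messages: a small Python check whose function name `lint_pix_acls` is hypothetical, which assumes keywords are matched case-insensitively and names case-sensitively, and which understands only the two command forms quoted in the thread.

```python
import re

# Only the two command forms quoted in the thread are recognised.
ACL_RE = re.compile(r"^access-list\s+(\S+)\s+(permit|deny)\s+(.+)$", re.I)
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+in\s+interface\s+(\S+)$", re.I)


def lint_pix_acls(config_text):
    """Return (bindings, findings) for a PIX-style config fragment.

    bindings maps interface name -> access-list filtering traffic coming
    into that interface; findings lists name mismatches as strings.
    """
    defined = {}   # access-list name -> list of rule strings
    groups = []    # (line number, access-list name, interface)
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        m = ACL_RE.match(line)
        if m:
            rule = f"{m.group(2).lower()} {m.group(3)}"
            defined.setdefault(m.group(1), []).append(rule)
            continue
        m = GROUP_RE.match(line)
        if m:
            groups.append((lineno, m.group(1), m.group(2)))

    bindings, findings = {}, []
    # Resolve bindings after reading everything, so order does not matter.
    for lineno, name, iface in groups:
        if name in defined:
            bindings[iface] = name
        else:
            findings.append(
                f"line {lineno}: access-group on interface '{iface}' "
                f"references undefined access-list '{name}'")
    for name in defined:
        if name not in bindings.values():
            findings.append(
                f"access-list '{name}' is defined but not bound to any interface")
    return bindings, findings


# Sample input reconstructed from the two examples quoted in the thread.
FIRST = "access-list acl_in permit tcp any any\naccess-group acl_out in interface outside\n"
SECOND = "Access-list acl_in permit tcp any any\naccess-group acl_in in interface inside\n"

if __name__ == "__main__":
    for label, cfg in (("first", FIRST), ("second", SECOND)):
        print(label, *lint_pix_acls(cfg), sep="\n  ")
```
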