Cisco ASA Series Cli Configuration Manual page 580

Default Settings
•
•
Context Mode Guidelines
Supported in single context mode only.
Firewall Mode Guidelines
Supported in routed and transparent firewall modes.
IPv6 Guidelines
Supports IPv6.
Additional Guidelines and Limitations
The following guidelines and limitations apply for standard Access Lists:
•
•
•
•
•
Default Settings
Table 1-1
Table 1-1
Parameters
deny
Cisco ASA Series CLI Configuration Guide
1-2
IPv6 Guidelines, page 1-2
Additional Guidelines and Limitations, page 1-2
Standard ACLs identify the destination IP addresses (not source addresses) of OSPF routes and can
be used in a route map for OSPF redistribution. Standard ACLs cannot be applied to interfaces to
control traffic.
To add additional ACEs at the end of the access list, enter another access-list command, specifying
the same access list name.
When used with the access-group command, the deny keyword does not allow a packet to traverse
the ASA. By default, the ASA denies all packets on the originating interface unless you specifically
permit access.
When specifying a source, local, or destination address, use the following guidelines:
–
Use a 32-bit quantity in four-part, dotted-decimal format.
–
Use the keyword any as an abbreviation for an address and mask of 0.0.0.0.0.0.0.0.
–
Use the host ip_address option as an abbreviation for a mask of 255.255.255.255.
You can disable an ACE by specifying the keyword inactive in the access-list command.
lists the default settings for standard Access List parameters.
Default Standard Access List Parameters
Chapter 1 Adding a Standard Access Control List
Default
The ASA denies all packets on the originating
interface unless you specifically permit access.
Access list logging generates system log message
106023 for denied packets. Deny packets must be
present to log denied packets.