On Fri, 18 Jul 2003, Mitchell Rowton wrote:

> I just looked this up to verify my memory, in Managing Cisco Network
> Security by Michael Wenstrom (p.713) it says that undefined access list
> equals permit any. I’m not saying it is true… just referencing that
> book.

That's a different issue. undefined access list = you referenced an access-list that does not exist. In that case, it's as if you didn't reference the access-list.

I think this is a common pitfall for beginners with IOS. You need to modify an access-list, so you telnet into the router, conf t, no access-list blah, then start typing in the new version of the access-list. Hopefully, your first line is permit tcp any any est, because once you start reentering the access-list, there's the implicit deny all all at the end...so if you're getting to the router through the interface using the access-list you're modifying, you may block yourself out. For that reason, it's generally best to create a new access-list, then modify the interface config to use that new access-list.

----------------------------------------------------------------------
 Jon Lewis *jlewisat_private*|  I route
 System Administrator        |  therefore you are
 Atlantic Net                |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key_________
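The lockout described in the message above, as an added example that is not part of the original post: a simplified Python model of first-match ACL evaluation (undefined list passes traffic, any defined list ends in an implicit deny) that replays the in-place edit and the new-list approach against the administrator's own telnet session. The list name "blah2", the port choices and the sample rules are assumptions constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str
    dport: int
    established: bool        # TCP ACK or RST set, which "established" matches

@dataclass(frozen=True)
class Rule:
    action: str              # "permit" or "deny"
    proto: str
    dport: int = 0           # 0 means any port in this model
    established: bool = False  # True models the "est" keyword
    def matches(self, p: Packet) -> bool:
        return (self.proto == p.proto
                and self.dport in (0, p.dport)
                and (p.established or not self.established))

def evaluate(acls: dict, name: str, pkt: Packet) -> bool:
    rules = acls.get(name)
    if not rules:            # referenced but undefined: as if no ACL were applied
        return True
    for r in rules:          # first matching line decides
        if r.matches(pkt):
            return r.action == "permit"
    return False             # implicit deny at the end of any defined list

def replay_in_place(new_rules, pkt):
    """'no access-list blah', then retype it while the interface still uses it."""
    acls, trace = {}, [evaluate({}, "blah", pkt)]
    for r in new_rules:
        acls.setdefault("blah", []).append(r)
        trace.append(evaluate(acls, "blah", pkt))
    return trace

def replay_new_list(old_rules, new_rules, pkt):
    """Build hypothetical list 'blah2' first, then repoint the interface to it."""
    acls, trace = {"blah": list(old_rules), "blah2": []}, []
    for r in new_rules:
        acls["blah2"].append(r)
        trace.append(evaluate(acls, "blah", pkt))   # interface still on old list
    return trace + [evaluate(acls, "blah2", pkt)]   # after the switch

# Constructed sample data: our own telnet session and two orderings of the new list.
MGMT = Packet("tcp", 23, established=True)
OLD = [Rule("permit", "tcp", 23)]
WEB_FIRST = [Rule("permit", "tcp", 80), Rule("permit", "tcp", 23)]
EST_FIRST = [Rule("permit", "tcp", established=True), Rule("permit", "tcp", 80)]
```

Each returned list holds one pass/fail value per configuration step for the management session; a `False` in the middle of `replay_in_place(WEB_FIRST, MGMT)` marks the point where the session would be cut and the remaining lines could no longer be typed.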
This archive was generated by hypermail 2b30 : Sat Jul 19 2003 - 08:38:06 PDT