Pantek Library
Hosting Provided By
CybrHost
High Speed Hosting
Mailing Lists: securityfocus.com > security-basics > 03 > 064822.html (Request Expert securityfocus.com Support)

Re: about access-list location?

From: Mike Heitz <mikeheitz46(at)msn.com>
Date: Mon Jun 23 2003 - 13:05:41 EDT


Hey SB,

I think you may have some terms mixed up. An Extended Access list is a different type of access list than a standard access list. Here's a snippet from my Cisco book to help you differentiate the two:

"A standard access list is limited in functioality because it only allows filtering based upon source address. In comparison, an extended access list extends packet filtering, enabling you to filter packets based upon both source and destination address and upper layer application data."

So, the standard access list is pretty restricted in what it can do... an extended access list can perform all sorts of tricks.

What I think you are referring to in your question is whether or not the access list is applied to an inbound or outbound interface and where that interface sits in relation to your network and the flow of traffic. So, for example, you have a router with an interface connected to your T1 and another interface connected to you internal LAN. You can apply the access list to either interface, and also specify whether to apply the list to inbound or outbound traffic.

I hope that makes sense... if I've made any mis-representations, I hope someone can clarify for us.

Hope it helps

Mike Heitz
CCNA, MCP
>From: "SB CH" <chulmin2@hotmail.com>
>To: security-basics@securityfocus.com
>Subject: about access-list location?
>Date: Sun, 22 Jun 2003 15:50:45 +0000
>
>Hello.


The new MSN 8: advanced junk mail protection and 2 months FREE* http://join.msn.com/?page=features/junkmail

Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare.      
Do you need help?X

Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance.           

Visit us at: http://www.neoteris.com/promos/sf-6-9.htm

Received on Tue Jun 24 18:00:13 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:05:01 EDT

Contact Us  Legal Notices  Order Services Online 
Pantek Home  Privacy Policy  IT news  Site Map  Pantek Library