What is a difference between ASA IPv4 ACLs and IOS IPv4 ACLs?
- ASA ACLs are always named, whereas IOS ACLs are always numbered.
- Multiple ASA ACLs can be applied on an interface in the ingress direction, whereas only one IOS ACL can be applied.
- ASA ACLs use the subnet mask in defining a network, whereas IOS ACLs use the wildcard mask.
- ASA ACLs do not have an implicit deny any at the end, whereas IOS ACLs do.
- ASA ACLs use forward and drop ACEs, whereas IOS ACLs use permit and deny ACEs.
Explanation: There are many similarities between ASA ACLs and IOS ACLs, including:
- In both, there is an implicit deny any.
- The rule of only one ACL per interface, per protocol, per direction still applies.
- Both use deny and permit ACEs.
- ACLs can be either named or numbered.
ASA ACLs differ from IOS ACLs in that they use a network mask (e.g., 255.255.255.0) instead of a wildcard mask (e.g., 0.0.0.255). Although most ASA ACLs are named, they can also be numbered.