Security Basics mailing list archives

Re: about access-list location?


From: "Mike Heitz" <mikeheitz46 () msn com>
Date: Mon, 23 Jun 2003 12:05:41 -0500

Hey SB,

I think you may have some terms mixed up. An Extended Access list is a different type of access list than a standard access list. Here's a snippet from my Cisco book to help you differentiate the two:

"A standard access list is limited in functionality because it only allows filtering based upon source address. In comparison, an extended access list extends packet filtering, enabling you to filter packets based upon both source and destination address and upper layer application data."

So, the standard access list is pretty restricted in what it can do... an extended access list can perform all sorts of tricks.

What I think you are referring to in your question is whether or not the access list is applied to an inbound or outbound interface and where that interface sits in relation to your network and the flow of traffic. So, for example, you have a router with an interface connected to your T1 and another interface connected to your internal LAN. You can apply the access list to either interface, and also specify whether to apply the list to inbound or outbound traffic.

I hope that makes sense... if I've made any misrepresentations, I hope someone can clarify for us.

Hope it helps

Mike Heitz
CCNA, MCP


From: "SB CH" <chulmin2 () hotmail com>
To: security-basics () securityfocus com
Subject: about access-list location?
Date: Sun, 22 Jun 2003 15:50:45 +0000

Hello.

I have a question about the "access-list" of the Cisco.

Some say, extended access list is located near source and standard access list is located near destination.

I have no idea why I should like this.

Thanks in advance.
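
Added example (not part of either post): a small Python model of the difference between the two list types described above. A standard entry for a source subnet matches that subnet's traffic to every destination, while an extended entry can single out one flow. It assumes Cisco-style first-match evaluation with an implicit deny at the end; all addresses, ports and list contents are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional

ANY = ("0.0.0.0", "255.255.255.255")   # wildcard mask with every bit ignored

class Packet(NamedTuple):
    src: str
    dst: str
    proto: str
    dport: Optional[int] = None

class Ace(NamedTuple):
    action: str                    # "permit" or "deny"
    src: tuple                     # (address, wildcard mask)
    dst: Optional[tuple] = None    # None = standard entry (source only)
    proto: str = "ip"              # "ip" matches any protocol
    dport: Optional[int] = None    # None matches any destination port

def wild_match(addr, base, wildcard):
    """Wildcard mask: 0 bits must match, 1 bits are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

def evaluate(acl, pkt):
    """Return the action of the first matching entry, else the implicit deny."""
    for ace in acl:
        if not wild_match(pkt.src, *ace.src):
            continue
        if ace.dst and not wild_match(pkt.dst, *ace.dst):
            continue
        if ace.proto != "ip" and ace.proto != pkt.proto:
            continue
        if ace.dport is not None and ace.dport != pkt.dport:
            continue
        return ace.action
    return "deny"

# Constructed lists: both aim to stop 192.168.10.0/24 reaching Telnet on 10.1.1.10.
STANDARD = [Ace("deny", ("192.168.10.0", "0.0.0.255")), Ace("permit", ANY)]
EXTENDED = [Ace("deny", ("192.168.10.0", "0.0.0.255"), ("10.1.1.10", "0.0.0.0"), "tcp", 23),
            Ace("permit", ANY, ANY)]

# Constructed traffic: the unwanted flow, an unrelated flow from the same
# subnet, and the same Telnet destination reached from another subnet.
SAMPLE = [Packet("192.168.10.5", "10.1.1.10", "tcp", 23),
          Packet("192.168.10.5", "10.2.2.20", "tcp", 80),
          Packet("172.16.0.9", "10.1.1.10", "tcp", 23)]

def verdicts(acl):
    return [evaluate(acl, p) for p in SAMPLE]

if __name__ == "__main__":
    print("standard:", verdicts(STANDARD))
    print("extended:", verdicts(EXTENDED))
```

The standard list also drops the second packet, the web request from the same subnet, because it has no way to look at the destination.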
