Does CISCO ASA configuration "access-list" protocol name "ip" includes both "tcp" and "udp"?

Question

I have several lines and I wonder if some are shadowed due to this?

score 1 · Answer 1 · answered Oct 27 '13 at 03:43

1

IP, TCP, UDP, ICMP, GRE, IGRP all use IP at the Network Layer. The IP statement does include all layer 3 protocols.

answered Oct 27 '13 at 03:43

Jmot

11
1

score 1 · Answer 2 · answered Sep 05 '14 at 19:23

1

You should be careful while defining access lists. Choosing ip will cover both tcp and udp so to prevent shadowing, you should order the ACL carefully, not put the ip ACL on top.

answered Sep 05 '14 at 19:23

Piyush Nahar

21
2

score 0 · Accepted Answer · answered Dec 14 '10 at 16:27

0

yes, but it doesnt include protocols like gre etc, if you need vpn tunnels or something similar

answered Dec 14 '10 at 16:27

damir

1,898
3
16
23

This answer is incorrect. Cisco ASA command "access-list 101 extended permit ip host 1.1.1.1 host 2.2.2.2" permits all 256 IPv4 protocols from 1.1.1.1 to 2.2.2.2, including tcp, udp, and gre (which is protocol 47). – Darrell Root Oct 17 '19 at 16:57

Does CISCO ASA configuration "access-list" protocol name "ip" includes both "tcp" and "udp"?

3 Answers3