透明墙的情况下
每个接口有两个方向:
一个接口一个方向可以有两个:1个是扩展acl ;2个ether-type
名字不能一样
access-list out extended deny icmp any any
access-list out1 ethertype deny any
access-group out1 in interface Outside
access-group out in interface Outside
路由墙的情况下
每个接口有两个方向:
一个接口一个方向可以有两个:1个是扩展 acl ;2个ipv6
名字不能一样
ASA(config)# sh run access-list
access-list out extended permit icmp any any
ASA(config)# sh run ipv6
ipv6 access-list out1 deny tcp any any
access-group out in interface Outside
access-group out1 in interface Outside
还有一种web-type类型ACL用于ASA SSL ×××