If I want to apply 2 different access lists to my outside interface inbound, i.e. access lists 110 and 111, do I have to combine them into 1 access list or choose the one I want to apply?
From my understanding you can only have 1 access-list per direction, per interface, per protocol. This means I can have 2 access lists: 1 inbound and 1 outbound. Both can’t be in the same direction.
That’s right, you can have one inbound and one outbound access-list but that’s it. If you want access-list 110 and 110 in the same direction then you will have to combine them.
OK. Got it. I will combine them into 1 inbound access list.
Thanks.
I believe I see my error. I think I need to explicitly allow internal traffic:
permit ip any <local networks> <local networks wildcard>
On Cisco IOS, access-lists always have an “explicit deny” at the bottom. It’s invisible but it’s there. If you don’t permit something, it will always be denied.
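Added example, not part of the thread: a small Python model of first-match access-list evaluation with wildcard masks, covering both the combining of lists 110 and 111 and the invisible deny at the bottom. All entries and addresses are constructed, and ports are not modelled. It goes one step beyond the thread by showing that the order chosen when combining the two lists changes the result.

```python
import ipaddress

def wc_match(addr, base, wildcard):
    """Cisco wildcard match: bits set to 1 in the wildcard are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF          # bits that must be equal
    return (a & care) == (b & care)

ANY = ("0.0.0.0", "255.255.255.255")  # equivalent of the "any" keyword

def evaluate(acl, proto, src, dst):
    """Walk the list top-down; the first matching entry decides."""
    for action, e_proto, (s_base, s_wc), (d_base, d_wc) in acl:
        if (e_proto in ("ip", proto)
                and wc_match(src, s_base, s_wc)
                and wc_match(dst, d_base, d_wc)):
            return action
    return "deny"  # nothing matched: the invisible deny at the bottom applies

# Constructed stand-ins for the two lists that cannot both be applied inbound.
ACL_110 = [("permit", "tcp", ANY, ("192.168.10.10", "0.0.0.0"))]
ACL_111 = [("deny", "ip", ("198.51.100.0", "0.0.0.255"), ANY)]

# Constructed form of: permit ip any <local networks> <local networks wildcard>
LOCAL_PERMIT = ("permit", "ip", ANY, ("192.168.10.0", "0.0.0.255"))

def demo():
    """Return the verdicts for the cases discussed in the thread."""
    blocked_src = ("tcp", "198.51.100.7", "192.168.10.10")
    other_flow = ("udp", "203.0.113.5", "192.168.10.20")
    return {
        # Same entries, different merge order, different verdict.
        "110_then_111": evaluate(ACL_110 + ACL_111, *blocked_src),
        "111_then_110": evaluate(ACL_111 + ACL_110, *blocked_src),
        # No entry matches this flow, so it is dropped without any deny line.
        "unmatched": evaluate(ACL_111 + ACL_110, *other_flow),
        # Adding the permit for the local networks lets it through.
        "with_local_permit": evaluate(ACL_111 + ACL_110 + [LOCAL_PERMIT], *other_flow),
    }

if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case}: {verdict}")
```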