透明墙的情况下

每个接口有两个方向:

一个接口一个方向可以有两个:1个是扩展acl ;2个ether-type

名字不能一样

access-list out extended deny icmp any any

access-list out1 ethertype deny any

access-group out1 in interface Outside

access-group out in interface Outside

路由墙的情况下

每个接口有两个方向:

一个接口一个方向可以有两个:1个是扩展 acl ;2个ipv6

名字不能一样

ASA(config)# sh run access-list

access-list out extended permit icmp any any

ASA(config)# sh run ipv6

ipv6 access-list out1 deny tcp any any

access-group out in interface Outside

access-group out1 in interface Outside

还有一种web-type类型ACL用于ASA SSL ×××