ASA2:
access-list GLOBAL remark *** PERMIT TASK TRAFFIC ***
access-list GLOBAL extended permit icmp host 150.1.22.22 any echo
access-list GLOBAL extended permit tcp any host 172.16.10.100 eq 80
access-list GLOBAL extended permit tcp any host 172.16.10.100 eq 3389
access-list GLOBAL extended permit udp any host 172.16.10.100 eq 514
access-list GLOBAL remark *** PERMIT RESTRICTED TRAFFIC DUE TO USING GLOBAL ACL ***
access-list GLOBAL permit ip 172.16.10.0 255.255.255.0 136.1.29.0 255.255.255.0
access-list GLOBAL permit ip 172.16.10.0 255.255.255.0 host 150.1.22.22
access-list GLOBAL permit ip 136.1.19.0 255.255.255.0 any
access-list GLOBAL permit ip 136.1.27.0 255.255.255.0 any
access-list GLOBAL permit ip host 150.1.11.11 any
!
access-group GLOBAL global
Why do we need to permit restricted traffic due to using a global ACL? As per the task, we have permitted inbound traffic. Since inbound traffic is first checked against the interface ACL and then against the global ACL, shouldn't these permit statements be present in the interface ACL instead of the global ACL?
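
The evaluation order the question refers to, as an added example that is not part of the original post or the workbook solution: a small Python model of how a new inbound connection is checked (interface ACL, then global ACL, then the implicit deny), run against the GLOBAL entries above. It assumes the ingress interface has no ACL of its own, models permit entries only and ignores the ICMP type; the sample hosts in the calls are constructed.

```python
import ipaddress

ANY = "0.0.0.0/0"
# GLOBAL ACL from the post as (protocol, source, destination, dst_port).
# A port of None means "any"; the ICMP type (echo) is not modelled.
TASK = [
    ("icmp", "150.1.22.22/32", ANY, None),
    ("tcp", ANY, "172.16.10.100/32", 80),
    ("tcp", ANY, "172.16.10.100/32", 3389),
    ("udp", ANY, "172.16.10.100/32", 514),
]
RESTRICTED = [
    ("ip", "172.16.10.0/24", "136.1.29.0/24", None),
    ("ip", "172.16.10.0/24", "150.1.22.22/32", None),
    ("ip", "136.1.19.0/24", ANY, None),
    ("ip", "136.1.27.0/24", ANY, None),
    ("ip", "150.1.11.11/32", ANY, None),
]

def matches(rule, proto, src, dst, port):
    """True if one permit entry covers the packet."""
    r_proto, r_src, r_dst, r_port = rule
    return (r_proto in ("ip", proto)
            and ipaddress.ip_address(src) in ipaddress.ip_network(r_src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(r_dst)
            and r_port in (None, port))

def evaluate(proto, src, dst, port=None, interface_acl=None, global_acl=None):
    """Verdict for a new inbound connection arriving on one interface.

    Order: interface ACL (if any), then global ACL, then implicit deny.
    With no ACL at all the security-level default decides; that is reported
    as 'security-level' because the interface levels are not on the page.
    """
    if interface_acl is None and global_acl is None:
        return "security-level"
    for acl in (interface_acl or [], global_acl or []):
        for rule in acl:
            if matches(rule, proto, src, dst, port):
                return "permit"
    return "deny"  # implicit deny after the last ACL that was checked

if __name__ == "__main__":
    flow = ("tcp", "136.1.19.5", "198.51.100.7", 443)  # constructed hosts
    print("no ACL:          ", evaluate(*flow))
    print("task lines only: ", evaluate(*flow, global_acl=TASK))
    print("full GLOBAL ACL: ", evaluate(*flow, global_acl=TASK + RESTRICTED))
```

A global ACL is evaluated on every interface, so its implicit deny also catches flows that were previously allowed only by the security-level default; in the model the 136.1.19.0/24 flow is denied with the task lines alone and permitted once the RESTRICTED entries are present.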