ACL Manager
Client Access Rules
The Client Access Rules table on this dialog box lets you view up to 25 client access rules. If you
uncheck the Inherit check box, the Add, Edit, and Delete buttons become active and the following
column headings appear in the table:
Modes
The following table shows the modes in which this feature is available:
Firewall Mode
Routed
•
Add/Edit Client Access Rule
The Add or Edit Client Access Rule dialog box adds a new client access rule for an IPsec group policy
or modifies an existing rule.
Fields
•
•
•
•
Cisco ASA 5500 Series Configuration Guide using ASDM
64-28
Priority—Shows the priority for this rule.
–
Action—Specifies whether this rule permits or denies access.
–
Client Type—Specifies the type of VPN client to which this rule applies, software or hardware,
–
and for software clients, all Windows clients or a subset.
VPN Client Version—Specifies the version or versions of the VPN client to which this rule
–
applies. This column contains a comma-separated list of software or firmware images
appropriate for this client.
Security Context
Transparent Single
—
•
Priority—Shows the priority for this rule.
Action—Specifies whether this rule permits or denies access.
VPN Client Type—Specifies the type of VPN client to which this rule applies, software or hardware,
and for software clients, all Windows clients or a subset. Some common values for VPN Client Type
include VPN 3002, PIX, Linux, * (matches all client types), Win9x (matches Windows 95, Windows
98, and Windows ME), and WinNT (matches Windows NT, Windows 2000, and Windows XP). If
you choose *, do not configure individual Windows types such as Windows NT.
VPN Client Version—Specifies the version or versions of the VPN client to which this rule applies.
This box contains a comma-separated list of software or firmware images appropriate for this client.
The following caveats apply:
You must specify the software version for this client. You can specify * to match any version.
–
Your entries must match exactly those on the URL for the VPN client, or the TFTP server for
–
the VPN 3002.
The TFTP server for distributing the hardware client image must be a robust TFTP server.
–
If the client is already running a software version on the list, it does not need a software update.
–
If the client is not running a software version on the list, an update is in order.
A VPN client user must download an appropriate software version from the listed URL.
–
Multiple
Context
System
—
—
Chapter 64
General VPN Setup
OL-20339-01