Cisco ASA 5505 Configuration Manual page 611

Asa 5500 series

Cisco ASA 5500 Series Configuration Guide using ASDM (OL-20339-01), page 29-11
Chapter 29: Configuring a Service Policy
Adding a Service Policy Rule for Through Traffic

Source and Destination Address—This dialog box lets you set the source and destination addresses:

a. Click Match or Do Not Match.
   The Match option creates a rule where traffic matching the addresses has actions applied. The Do Not Match option exempts the traffic from having the specified actions applied. For example, you want to match all traffic in 10.1.1.0/24 and apply connection limits to it, except for 10.1.1.25. In this case, create two rules, one for 10.1.1.0/24 using the Match option and one for 10.1.1.25 using the Do Not Match option. Be sure to arrange the rules so that the Do Not Match rule is above the Match rule, or else 10.1.1.25 will match the Match rule first.

b. In the Source field, enter the source IP address, or click the ... button to choose an IP address that you already defined in ASDM.
   Specify the address and subnet mask using prefix/length notation, such as 10.1.1.0/24. If you enter an IP address without a mask, it is considered to be a host address, even if it ends with a 0.
   Enter any to specify any source address.
   Separate multiple addresses by a comma.

c. In the Destination field, enter the destination IP address, or click the ... button to choose an IP address that you already defined in ASDM.
   Specify the address and subnet mask using prefix/length notation, such as 10.1.1.0/24. If you enter an IP address without a mask, it is considered to be a host address, even if it ends with a 0.
   Enter any to specify any destination address.
   Separate multiple addresses by a comma.

d. In the Service field, enter an IP service name or number for the destination service, or click the ... button to choose a service.
   If you want to specify a TCP or UDP port number, or an ICMP service number, enter protocol/port. For example, enter TCP/8080.
   By default, the service is IP.
   Separate multiple services by a comma.

e. (Optional) Enter a description in the Description field.

f. (Optional) To specify a source service for TCP or UDP, click the More Options area to open it, and enter a TCP or UDP service in the Source Service field.
   The destination service and source service must be the same. Copy and paste the destination Service field to the Source Service field.

g. (Optional) To make the rule inactive, click the More Options area to open it, and uncheck Enable Rule.
   This setting might be useful if you do not want to remove the rule, but want to turn it off.

h. (Optional) To set a time range for the rule, click the More Options area to open it, and from the Time Range drop-down list, choose a time range.
   To add a new time range, click the ... button. See the "Configuring Time Ranges" section on page 13-15 for more information.
   This setting might be useful if you only want the rule to be active at predefined times.

Tunnel Group—Choose a tunnel group from the Tunnel Group drop-down list, or click New to add a new tunnel group. See the "IPsec Remote Access Connection Profiles" section on page 64-70 for more information.
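
The Match / Do Not Match ordering rule and the host-address rule described above, modelled in Python as an added example (not Cisco code or ASDM output). It assumes first-match evaluation as the manual's 10.1.1.25 example describes, looks only at the Source field, and handles IPv4 only; the function names and action labels are hypothetical.

```python
import ipaddress

def parse_field(text):
    """Parse a Source/Destination field: 'any' or comma-separated entries.
    An entry without /length is a host address, even if it ends in 0."""
    nets = []
    for item in text.split(","):
        item = item.strip()
        if item == "any":
            nets.append(ipaddress.ip_network("0.0.0.0/0"))
        elif "/" in item:
            nets.append(ipaddress.ip_network(item, strict=True))
        else:
            nets.append(ipaddress.ip_network(item + "/32"))
    return nets

def evaluate(rules, src):
    """Return the action of the first rule whose source covers src, else None."""
    addr = ipaddress.ip_address(src)
    for action, source in rules:
        if any(addr in net for net in parse_field(source)):
            return action
    return None

def shadowed(rules):
    """Indexes of rules that can never fire because a single earlier rule
    already covers every address they list."""
    hits = []
    for i, (_, source) in enumerate(rules):
        mine = parse_field(source)
        for _, earlier in rules[:i]:
            above = parse_field(earlier)
            if all(any(n.subnet_of(a) for a in above) for n in mine):
                hits.append(i)
                break
    return hits

# Constructed rule lists using the addresses from the manual's example.
GOOD = [("do-not-match", "10.1.1.25"), ("match", "10.1.1.0/24")]
BAD = [("match", "10.1.1.0/24"), ("do-not-match", "10.1.1.25")]

if __name__ == "__main__":
    for name, rules in (("good", GOOD), ("bad", BAD)):
        print(name, evaluate(rules, "10.1.1.25"), "shadowed:", shadowed(rules))
```

Running `shadowed` over an exported rule list before deployment flags an exemption that was placed below the broader Match rule and would therefore never take effect.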


This manual is also suitable for: ASA 5510, ASA 5540, ASA 5520, ASA 5550, ASA 5580
