Cisco ASA 5505 Configuration Manual page 614

ASA 5500 Series

Adding a Service Policy Rule for Management Traffic
Cisco ASA 5500 Series Configuration Guide using ASDM (OL-20339-01), Chapter 29: Configuring a Service Policy, page 29-14

The Match option creates a rule where traffic matching the addresses has actions applied. The Do Not Match option exempts the traffic from having the specified actions applied. For example, you want to match all traffic in 10.1.1.0/24 and apply connection limits to it, except for 10.1.1.25. In this case, create two rules, one for 10.1.1.0/24 using the Match option and one for 10.1.1.25 using the Do Not Match option. Be sure to arrange the rules so that the Do Not Match rule is above the Match rule, or else 10.1.1.25 will match the Match rule first.

b. In the Source field, enter the source IP address, or click the ... button to choose an IP address that you already defined in ASDM.
Specify the address and subnet mask using prefix/length notation, such as 10.1.1.0/24. If you enter an IP address without a mask, it is considered to be a host address, even if it ends with a 0.
Enter any to specify any source address.
Separate multiple addresses by a comma.

c. In the Destination field, enter the destination IP address, or click the ... button to choose an IP address that you already defined in ASDM.
Specify the address and subnet mask using prefix/length notation, such as 10.1.1.0/24. If you enter an IP address without a mask, it is considered to be a host address, even if it ends with a 0.
Enter any to specify any destination address.
Separate multiple addresses by a comma.

d. In the Service field, enter an IP service name or number for the destination service, or click the ... button to choose a service.
If you want to specify a TCP or UDP port number, or an ICMP service number, enter protocol/port. For example, enter TCP/8080.
By default, the service is IP.
Separate multiple services by a comma.

e. (Optional) Enter a description in the Description field.

f. (Optional) To specify a source service for TCP or UDP, click the More Options area to open it, and enter a TCP or UDP service in the Source Service field.
The destination service and source service must be the same. Copy and paste the destination Service field to the Source Service field.

g. (Optional) To make the rule inactive, click the More Options area to open it, and uncheck Enable Rule.
This setting might be useful if you do not want to remove the rule, but want to turn it off.

h. (Optional) To set a time range for the rule, click the More Options area to open it, and from the Time Range drop-down list, choose a time range.
To add a new time range, click the ... button. See the "Configuring Time Ranges" section on page 13-15 for more information.
This setting might be useful if you only want the rule to be active at predefined times.

Destination Port—Click TCP or UDP.
In the Service field, enter a port number or name, or click ... to choose one already defined in ASDM.

Step 8
Click Next.
The Add Management Service Policy Rule - Rule Actions dialog box appears.

Step 9
To configure RADIUS accounting inspection, choose an inspect map from the RADIUS Accounting Map drop-down list, or click Configure to add a map.
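The Match / Do Not Match ordering rule and the host-address rule from this procedure, modelled in Python as an added example (not Cisco or ASDM code). It assumes first-match evaluation as the page describes; all function names are hypothetical, and the model covers only the address fields. It also flags any rule that an earlier rule fully covers, which is how a misplaced exemption shows up.

```python
import ipaddress

def parse_addr(text):
    """Parse one address entry using the rules the page gives for the Source/Destination fields."""
    text = text.strip()
    if text == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if "/" not in text:
        # No mask means a host address, even if the last octet is 0.
        return ipaddress.ip_network(text + "/32")
    return ipaddress.ip_network(text, strict=True)

def make_rule(action, source, destination="any"):
    """action is "match" or "do-not-match"; each field may list addresses separated by commas."""
    return {"action": action,
            "src": [parse_addr(a) for a in source.split(",")],
            "dst": [parse_addr(a) for a in destination.split(",")]}

def evaluate(rules, src_ip, dst_ip):
    """Return the action of the first rule covering the packet, or None if no rule does."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for rule in rules:
        if any(src in n for n in rule["src"]) and any(dst in n for n in rule["dst"]):
            return rule["action"]
    return None

def actions_applied(rules, src_ip, dst_ip):
    """True only when the first matching rule is a Match rule."""
    return evaluate(rules, src_ip, dst_ip) == "match"

def covers(outer, inner):
    """True if every network in inner lies inside some network in outer."""
    return all(any(n.subnet_of(o) for o in outer) for n in inner)

def shadowed_rules(rules):
    """Return (later_index, earlier_index) for each rule that an earlier rule fully covers."""
    hits = []
    for j, later in enumerate(rules):
        for i, earlier in enumerate(rules[:j]):
            if covers(earlier["src"], later["src"]) and covers(earlier["dst"], later["dst"]):
                hits.append((j, i))
                break
    return hits

# Constructed rules built from the page's example addresses.
SUBNET = make_rule("match", "10.1.1.0/24")
EXEMPT = make_rule("do-not-match", "10.1.1.25")
CORRECT_ORDER = [EXEMPT, SUBNET]   # Do Not Match above Match
WRONG_ORDER = [SUBNET, EXEMPT]     # the exemption is never reached

if __name__ == "__main__":
    for name, rules in (("correct", CORRECT_ORDER), ("wrong", WRONG_ORDER)):
        print(name, actions_applied(rules, "10.1.1.25", "192.0.2.10"), shadowed_rules(rules))
```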


This manual is also suitable for: ASA 5510, ASA 5540, ASA 5520, ASA 5550, ASA 5580
