Cisco 4700M Configuration Manual page 31

Application control engine appliance security

Chapter 1
Configuring Security Access Control Lists
To create an extended ACL, use the access-list extended command in
configuration mode. There are two major types of extended ACLs:

- Non-ICMP ACLs
- ICMP ACLs

You can permit or deny network connections based on the IP protocol, source and
destination IP addresses, and TCP or UDP ports. The syntax of a non-ICMP
extended ACL is as follows:

    access-list name [line number] extended {deny | permit}
    {protocol {any | host src_ip_address | src_ip_address netmask
    | object-group net_obj_grp_name} [operator port1 [port2]] {any | host
    dest_ip_address | dest_ip_address netmask | object-group
    net_obj_grp_name} [operator port3 [port4]]}
    | {object-group service_obj_grp_name} {any | host src_ip_address
    | src_ip_address netmask | object-group net_obj_grp_name} {any | host
    dest_ip_address | dest_ip_address netmask | object-group
    net_obj_grp_name}

You can also permit or deny network connections based on the ICMP type (for
example, echo, echo-reply, unreachable, and so on). The syntax of an ICMP
extended ACL is as follows:

    access-list name [line number] extended {deny | permit}
    {icmp {any | host src_ip_address | src_ip_address netmask |
    object-group net_obj_grp_name} {any | host dest_ip_address |
    dest_ip_address netmask | object-group network_grp_name}
    [icmp_type [code operator code1 [code2]]]}
    | {object-group service_obj_grp_name} {any | host src_ip_address
    | src_ip_address netmask | object-group net_obj_grp_name} {any | host
    dest_ip_address | dest_ip_address netmask | object-group
    net_obj_grp_name}

Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
OL-16202-01
Configuring ACLs
1-7
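
As an added illustration (not taken from the Cisco guide), this Python example parses entries written in the non-ICMP extended ACL form above and reports permit entries that are open from any source to any destination, which is a useful review check before an ACL is applied. The operator keywords (lt, gt, eq, neq, range) are an assumption not listed on this page, and the ACL name, object-group name and addresses are constructed sample values.

```python
OPERATORS = {"lt", "gt", "eq", "neq", "range"}  # assumed operator keywords; not listed on this page

def take_addr(tok):  # consumes: any | host ip | ip netmask | object-group name
    head = tok.pop(0)
    return head if head == "any" else f"{head} {tok.pop(0)}"

def take_ports(tok):
    """Consume the optional [operator port1 [port2]]; only 'range' takes two ports."""
    if not tok or tok[0] not in OPERATORS:
        return None
    op = tok.pop(0)
    return (op, *[tok.pop(0) for _ in range(2 if op == "range" else 1)])

def parse_entry(text):
    """Parse one non-ICMP extended ACL entry into a dict; ValueError if it does not fit."""
    tok, entry = text.split(), {"line": None}
    try:
        if tok.pop(0) != "access-list":
            raise ValueError(f"not an access-list entry: {text!r}")
        entry["name"] = tok.pop(0)
        if tok[0] == "line":
            entry["line"], tok = int(tok[1]), tok[2:]
        if tok.pop(0) != "extended" or tok[0] not in ("permit", "deny"):
            raise ValueError(f"not an extended permit/deny entry: {text!r}")
        entry["action"] = tok.pop(0)
        entry["protocol"] = take_addr(tok) if tok[0] == "object-group" else tok.pop(0)
        entry["src"], entry["src_ports"] = take_addr(tok), take_ports(tok)
        entry["dst"], entry["dst_ports"] = take_addr(tok), take_ports(tok)
    except IndexError:
        raise ValueError(f"truncated entry: {text!r}") from None
    if tok:  # e.g. an icmp_type, which belongs to the ICMP form and is not handled here
        raise ValueError(f"unexpected trailing tokens {tok} in {text!r}")
    return entry

def audit(config):
    """Return (line, description) for every permit entry open from any source to any destination."""
    findings = []
    for text in config.strip().splitlines():
        e = parse_entry(text)
        if e["action"] == "permit" and e["src"] == "any" and e["dst"] == "any":
            scope = " ".join(e["dst_ports"]) if e["dst_ports"] else "all ports"
            findings.append((e["line"], f"{e['protocol']} any -> any, {scope}"))
    return findings

# Constructed sample ACL (documentation addresses, hypothetical names).
SAMPLE = """\
access-list INBOUND line 10 extended permit tcp 192.0.2.0 255.255.255.0 gt 1024 host 198.51.100.10 eq 443
access-list INBOUND line 20 extended permit ip any any
access-list INBOUND line 30 extended deny udp any object-group DNS_SERVERS eq 53
access-list INBOUND line 40 extended permit tcp any any range 8000 8100"""
```

Calling audit(SAMPLE) reports lines 20 and 40; line 10 is scoped to one subnet and host, and line 30 is a deny entry.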
