Cisco ASA 5505 Configuration Manual page 1295

Chapter 63 Configuring IKE, Load Balancing, and NAC
–
–
–
–
–
–
–
Protocol and Service—Specifies protocol and service parameters relevant to this rule.
•
Note
–
–
–
–
–
–
–
–
–
–
OL-20339-01
Group—Indicates that the parameters that follow specify the interface and group name of the
source host or network.
Interface—Choose the interface name for the IP address. This parameter appears when you
choose the IP Address option button.
IP address—Specifies the IP address of the interface to which this policy applies. This
parameter appears when you choose the IP Address option button.
Destination—Specify the IP address, network object group or interface IP address for the source
or destination host or network. A rule cannot use the same address as both the source and
destination. Click ... for either of these fields to launch the Browse dialog box that contain the
following fields:
Name—Choose the interface name to use as the source or destination host or network. This
parameter appears when you choose the Name option button. This is the only parameter
associated with this option.
Interface—Choose the interface name for the IP address. This parameter appears when you
choose the Group option button.
Group—Choose the name of the group on the specified interface for the source or destination
host or network. If the list contains no entries, you can enter the name of an existing group. This
parameter appears when you choose the Group option button.
"Any - any" IPsec rules are not allowed. This type of rule would prevent the device and its peer
from supporting multiple LAN -to-LAN tunnels.
TCP—Specifies that this rule applies to TCP connections. This selection also displays the
Source Port and Destination Port group boxes.
UDP—Specifies that this rule applies to UDP connections. This selection also displays the
Source Port and Destination Port group boxes.
ICMP—Specifies that this rule applies to ICMP connections. This selection also displays the
ICMP Type group box.
IP—Specifies that this rule applies to IP connections. This selection also displays the IP
Protocol group box.
Manage Service Groups—Displays the Manage Service Groups pane, on which you can add,
edit, or delete a group of TCP/UDP services/ports.
Source Port and Destination Port —Contains TCP or UDP port parameters, depending on
which option button you chose in the Protocol and Service group box.
Service—Indicates that you are specifying parameters for an individual service. Specifies the
name of the service and a boolean operator to use when applying the filter.
Boolean operator (unlabeled)—Lists the boolean conditions (equal, not equal, greater than,
less than, or range) to use in matching the service specified in the service box.
Service (unlabeled)—Identifies the service (such as https, kerberos, or any) to be matched. If
you specified the range service operator this parameter becomes two boxes, into which you
enter the start and the end of the range.
... —Displays a list of services from which you can choose the service to display in the Service
box.
Cisco ASA 5500 Series Configuration Guide using ASDM
Configuring IPsec
63-15