Cisco ASA 5505 Configuration Manual page 335

Asa 5500 series

Chapter 15
Using the ACL Manager
Logging—Shows the logging level and the interval in seconds between log messages (if you enable logging for the ACL). To set logging options, including enabling and disabling logging, right-click this column, and click Edit Log Option. The Log Options dialog box appears.
Time—Specifies the name of the time range to be applied in this rule.
Description—Shows the description you typed when you added the rule. An implicit rule includes the following description: "Implicit outbound rule."

Modes
The following table shows the modes in which this feature is available:
Firewall Mode: Routed | Transparent
Security Context: Single | Multiple (Context, System)

Add/Edit/Paste ACE
The Add/Edit/Paste ACE dialog box lets you create a new extended access list rule, or modify an existing rule. The Paste option becomes available only when you cut or copy a rule.

Fields
Action—Determines the action type of the new rule. Select either permit or deny.
  Permit—Permits all matching traffic.
  Deny—Denies all matching traffic.
Source/Destination—Specifies the source or destination type and, depending on that type, the other relevant parameters describing the source or destination host/network IP Address. Possible values are: any, IP address, Network Object Group, and Interface IP. The availability of subsequent fields depends upon the value of the Type field:
  any—Specifies that the source or destination host/network can be any type. For this value of the Type field, there are no additional fields in the Source or Destination area.
  IP Address—Specifies the source or destination host or network IP address. Both IPv4 and IPv6 addresses are supported. With this selection, the IP Address, ellipsis button, and Netmask fields become available. Choose an IP address or host name from the drop-down list in the IP Address field or click the ellipsis (...) button to browse for an IP address or name. Select a network mask from the drop-down list.
  Network Object Group—Specifies the name of the network object group. Choose a name from the drop-down list or click the ellipsis (...) button to browse for a network object group name.
  Interface IP—Specifies the interface on which the host or network resides. Select an interface from the drop-down list. The default values are inside and outside. There is no browse function.
Protocol and Service—Specifies the protocol and service to which this ACE filter applies. Service groups let you identify multiple non-contiguous port numbers that you want the ACL to match. For example, if you want to filter HTTP, FTP, and port numbers 5, 8, and 9, define a service group that includes all these ports. Without service groups, you would have to create a separate rule for each port.

OL-20339-01
Cisco ASA 5500 Series Configuration Guide using ASDM
15-3
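The service-group case described under Protocol and Service (HTTP, FTP, and ports 5, 8, and 9), written as ASA CLI configuration with and without a service group, together with the Logging and Time fields on the same rule. This is an added example, not text from the Cisco guide. The names WEB-FTP-MISC, OUTSIDE_IN, OUTSIDE_IN_FLAT and WORK-HOURS, the destination 192.0.2.10, TCP as the protocol for ports 5, 8 and 9, and the log and time-range values are assumptions.

```cisco
! Added example. All names are hypothetical and 192.0.2.10 is a
! documentation address. TCP is assumed for ports 5, 8 and 9.

! Without a service group: one ACE per port, five rules to review and maintain.
access-list OUTSIDE_IN_FLAT extended permit tcp any host 192.0.2.10 eq www
access-list OUTSIDE_IN_FLAT extended permit tcp any host 192.0.2.10 eq ftp
access-list OUTSIDE_IN_FLAT extended permit tcp any host 192.0.2.10 eq 5
access-list OUTSIDE_IN_FLAT extended permit tcp any host 192.0.2.10 eq 8
access-list OUTSIDE_IN_FLAT extended permit tcp any host 192.0.2.10 eq 9

! With a service group: the non-contiguous ports are defined once.
object-group service WEB-FTP-MISC tcp
 description HTTP, FTP control, and ports 5, 8, 9
 port-object eq www
 port-object eq ftp
 port-object eq 5
 port-object eq 8
 port-object eq 9

! Time field: a named time range that the rule references.
time-range WORK-HOURS
 periodic weekdays 8:00 to 18:00

! One ACE covers all five ports.
!   Action              = permit
!   Source              = any
!   Destination         = IP Address (host 192.0.2.10)
!   Protocol and Service = tcp / WEB-FTP-MISC
!   Logging             = level 6 (informational), 300-second interval
!   Time                = WORK-HOURS
access-list OUTSIDE_IN remark Published services on 192.0.2.10
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 object-group WEB-FTP-MISC log 6 interval 300 time-range WORK-HOURS
```

Editing the group later changes every ACE that references it, so group membership deserves the same review as the rule itself.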


This manual is also suitable for:

ASA 5510, ASA 5540, ASA 5520, ASA 5550, ASA 5580
