Cisco ASA 5505 Configuration Manual page 634

Asa 5500 series
Hide thumbs Also See for ASA 5505:
Table of Contents

Advertisement

Information About Access Rules
General Information About Rules
This section describes information for both access rules and EtherType rules, and it includes the
following topics:
Implicit Permits
For routed mode, the following types of traffic are allowed through by default:
For transparent mode, the following types of traffic are allowed through by default:
For other traffic, you need to use either an access rule (IPv4), an IPv6 access rule (IPv6), or an EtherType
rule (non-IPv4/IPv6).
Using Access Rules and EtherType Rules on the Same Interface
You can apply both access rules and EtherType rules to each direction of an interface.
Rule Order
The order of rules is important. When the adaptive security appliance decides whether to forward or drop
a packet, the adaptive security appliance tests the packet against each rule in the order in which the rules
are listed. After a match is found, no more rules are checked. For example, if you create an access rule
at the beginning that explicitly permits all traffic for an interface, no further rules are ever checked.
You can disable a rule by making it inactive.
Cisco ASA 5500 Series Configuration Guide using ASDM
30-2
Implicit Permits, page 30-2
Using Access Rules and EtherType Rules on the Same Interface, page 30-2
Rule Order, page 30-2
Implicit Deny, page 30-3
Inbound and Outbound Rules, page 30-3
Using Global Access Rules, page 30-4
IPv4 traffic from a higher security interface to a lower security interface.
IPv6 traffic from a higher security interface to a lower security interface.
IPv4 traffic from a higher security interface to a lower security interface.
IPv6 traffic from a higher security interface to a lower security interface.
ARPs in both directions.
Note
ARP traffic can be controlled by ARP inspection, but cannot be controlled by an access rule.
BPDUs in both directions.
Chapter 30
Configuring Access Rules
OL-20339-01

Hide quick links:

Advertisement

Table of Contents
loading

This manual is also suitable for:

Asa 5510Asa 5540Asa 5520Asa 5550Asa 5580

Table of Contents