ACL Names - Cisco ASA Series Configuration Manual

Firewall CLI, ASA Services Module, and the Adaptive Security Virtual Appliance
About ACLs

Webtype ACLs—Webtype ACLs are used for filtering clientless SSL VPN traffic. These ACLs can deny access based on URLs or destination addresses. See Configure Webtype ACLs, page 3-14.

Standard ACLs—Standard ACLs identify traffic by destination address only. There are few features that use them: route maps and VPN filters. Because VPN filters also allow extended access lists, limit standard ACL use to route maps. See Configure Standard ACLs, page 3-13.

The following table lists some common uses for ACLs and the type to use.

Table 3-1 ACL Types and Common Uses

ACL Use: Control network access for IP traffic (routed and transparent mode)
ACL Type: Extended
Description: The ASA does not allow any traffic from a lower security interface to a higher security interface unless it is explicitly permitted by an extended ACL.
Note: To access the ASA interface for management access, you do not also need an ACL allowing the host IP address. You only need to configure management access according to the general operations configuration guide.

ACL Use: Identify traffic for AAA rules
ACL Type: Extended
Description: AAA rules use ACLs to identify traffic.

ACL Use: Augment network access control for IP traffic for a given user
ACL Type: Extended, downloaded from a AAA server per user
Description: You can configure the RADIUS server to download a dynamic ACL to be applied to the user, or the server can send the name of an ACL that you already configured on the ASA.

ACL Use: VPN access and filtering
ACL Type: Extended, Standard
Description: Group policies for remote access and site-to-site VPNs use standard or extended ACLs for filtering. Remote access VPNs also use extended ACLs for client firewall configurations and dynamic access policies.

ACL Use: Identify traffic in a traffic class map for Modular Policy Framework
ACL Type: Extended
Description: ACLs can be used to identify traffic in a class map, which is used for features that support Modular Policy Framework. Features that support Modular Policy Framework include TCP and general connection settings, and inspection.

ACL Use: For transparent firewall mode, control network access for non-IP traffic
ACL Type: EtherType
Description: You can configure an ACL that controls traffic based on its EtherType.

ACL Use: Identify route filtering and redistribution
ACL Type: Standard, Extended
Description: Various routing protocols use standard ACLs for route filtering and redistribution (through route maps) for IPv4 addresses, and extended ACLs for IPv6.

ACL Use: Filtering for clientless SSL VPN
ACL Type: Webtype
Description: You can configure a webtype ACL to filter URLs and destinations.

ACL Names

Each ACL has a name or numeric ID, such as outside_in, OUTSIDE_IN, or 101. Limit the names to 241 characters or fewer. Consider using all uppercase letters to make it easier to find the name when viewing a running configuration.

Cisco ASA Series Firewall CLI Configuration Guide
Chapter 3 Access Control Lists
3-2
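As an added example that is not part of the Cisco guide, the following hypothetical ASA configuration shows one ACL for each of the main uses in Table 3-1 (extended for interface access control, standard for a route map, extended as a VPN filter, webtype for clientless SSL VPN) together with the command that binds each ACL to its use. The ACL names, interface names, group policy, routing processes and addresses are assumed; uppercase names follow the naming advice above.

```cisco
! Extended ACL: the only way traffic from a lower security interface (outside)
! reaches a higher security interface (inside). Anything not permitted is
! dropped by the implicit deny at the end of the ACL; the explicit deny below
! only adds logging of what was dropped.
access-list OUTSIDE_IN extended permit tcp any host 203.0.113.10 eq https
access-list OUTSIDE_IN extended deny ip any any log
access-group OUTSIDE_IN in interface outside
!
! Standard ACL: matches on destination network only, so it is suited to route
! filtering. Here it limits which OSPF prefixes are redistributed into EIGRP
! (assumes OSPF process 1 and EIGRP AS 100 already exist).
access-list OSPF_TO_EIGRP standard permit 10.10.0.0 255.255.0.0
route-map REDIST_OSPF permit 10
 match ip address OSPF_TO_EIGRP
router eigrp 100
 redistribute ospf 1 route-map REDIST_OSPF
!
! Extended ACL used as a VPN filter in a group policy. A standard ACL is also
! accepted here, but the guide recommends keeping standard ACLs for route maps.
access-list VPN_FILTER extended permit tcp any host 10.10.5.20 eq ssh
group-policy REMOTE_USERS internal
group-policy REMOTE_USERS attributes
 vpn-filter value VPN_FILTER
 webvpn
  ! Webtype ACL: filters clientless SSL VPN sessions by URL; everything
  ! outside the permitted URL is denied by the implicit deny.
  filter value CLIENTLESS_WEB
!
access-list CLIENTLESS_WEB webtype permit url https://intranet.example.com/*
```

After applying, `show access-list` displays hit counts per entry, which is a quick way to confirm that an ACL is actually bound and matching the intended traffic.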