Tcp Connection; Source Address; Network List - Cisco VPN 3000 User Manual

VPN 3000 Concentrator Series User Guide
Configuration | Policy Management | Traffic Management | Rules | Add, Modify, or Copy

Click the drop-down menu button and select the protocol to which this rule applies.

Any = Any protocol [255] (the default selection).
ICMP = Internet Control Message Protocol [1] (used by ping, for example). If you select this protocol, you should also configure ICMP Packet Type.
TCP = Transmission Control Protocol [6] (connection-oriented; e.g., FTP, HTTP, SMTP, and Telnet). If you select this protocol, you should configure TCP Connection and TCP/UDP Source Port or Destination Port.
EGP = Exterior Gateway Protocol [8] (used for routing to exterior networks).
IGP = Interior Gateway Protocol [9] (used for routing within a domain).
UDP = User Datagram Protocol [17] (connectionless; e.g., SNMP). If you select this protocol, you should also configure TCP/UDP Source Port or Destination Port.
ESP = Encapsulation Security Payload [50] (applies to IPSec).
AH = Authentication Header [51] (applies to IPSec).
GRE = Generic Routing Encapsulation [47] (used by PPTP).
RSVP = Resource Reservation Protocol [46] (reserves bandwidth on routers).
IGMP = Internet Group Management Protocol [2] (used in multicasting).
OSPF = Open Shortest Path First [89] (interior routing protocol).
Other = Other protocol not listed here. If you select Other here, you must enter the IANA-assigned protocol number in the Other field.

TCP Connection

Click the drop-down menu button and select whether this rule applies to packets from established TCP connections. For example, you might want a rule to forward only those TCP packets that originate from established connections on the public network interface, to provide maximum protection against "spoofing." The choices are:

Established = Apply rule to packets from established TCP connections only.
Don't Care = Apply rule to any TCP packets, whether from established connections or new connections (the default selection).

Source Address

Specify the packet source address that this rule checks; i.e., the address of the sender.

Network List

Click the drop-down menu button and select the configured network list that specifies the source addresses. A network list is a list of network addresses that are treated as a single object. See the Configuration | Policy Management | Traffic Management | Network Lists screens. Otherwise, you can select:

Use IP Address/Wildcard-mask below, which lets you enter a network address.

If you select a configured network list, the Manager ignores entries in the IP Address and Wildcard-mask fields.
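
An added example, not taken from the Cisco manual: a small Python model of how the Protocol, TCP Connection and Source Address settings combine when a rule is matched against a packet. The class and function names are hypothetical, and two behaviours are assumptions: that "Established" is decided from the TCP ACK/RST flag bits, and that a 1 bit in a wildcard mask means the bit is ignored.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY, TCP, UDP = 255, 6, 17        # protocol numbers as listed on the page
SYN, RST, ACK = 0x02, 0x04, 0x10  # TCP header flag bits

def wildcard_match(addr, base, wildcard):
    # Assumption: a 1 bit in the wildcard mask means "ignore this bit".
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    keep = ~w & 0xFFFFFFFF
    return (a & keep) == (b & keep)

@dataclass
class Rule:
    protocol: int = ANY
    tcp_connection: str = "Don't Care"      # or "Established"
    network_list: Optional[list] = None     # [(address, wildcard), ...]
    ip_address: str = "0.0.0.0"
    wildcard_mask: str = "255.255.255.255"

    def matches(self, proto, src, tcp_flags=0):
        if self.protocol != ANY and proto != self.protocol:
            return False
        # Assumption: "established" is judged statelessly from the ACK/RST
        # bits, so a bare SYN (a new connection attempt) does not match.
        if (proto == TCP and self.tcp_connection == "Established"
                and not tcp_flags & (ACK | RST)):
            return False
        # A selected network list overrides IP Address / Wildcard-mask.
        if self.network_list is not None:
            entries = self.network_list
        else:
            entries = [(self.ip_address, self.wildcard_mask)]
        return any(wildcard_match(src, b, w) for b, w in entries)

def demo():
    # Constructed rule and packets (documentation address ranges).
    rule = Rule(protocol=TCP, tcp_connection="Established",
                network_list=[("198.51.100.0", "0.0.0.255")],
                ip_address="10.0.0.0", wildcard_mask="0.255.255.255")
    packets = [(TCP, "198.51.100.25", SYN | ACK),  # reply on a connection
               (TCP, "198.51.100.25", SYN),        # new inbound attempt
               (TCP, "10.1.2.3", ACK),             # only in the ignored fields
               (UDP, "198.51.100.25", 0)]          # wrong protocol
    return [rule.matches(*p) for p in packets]

if __name__ == "__main__":
    print(demo())
```

Under the flag-bit assumption the check keeps no connection table, so it screens out new inbound connection attempts rather than confirming that a matching connection actually exists.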