CHAPTER
15-1
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
15
Using the ACL Manager
The ACL Manager dialog box lets you define access control lists (ACLs) to control the access of a
specific host or network to another host/network, including the protocol or port that can be used.
You can configure ACLs (access control lists) to apply to user sessions. These are filters that permit or
deny user access to specific networks, subnets, hosts, and web servers.
• If you do not define any filters, all connections are permitted.
• The adaptive security appliance supports only an inbound ACL on an interface.
• At the end of each ACL, there is an implicit, unwritten rule that denies all traffic that is not
permitted. If traffic is not explicitly permitted by an access control entry (ACE), the adaptive
security appliance denies it. ACEs are referred to as rules in this section.
Standard ACL
This pane provides summary information about standard ACLs and lets you add or edit ACLs and ACEs.
Standard access lists identify the destination IP addresses of OSPF routes and can be used in a route map
for OSPF redistribution. Standard access lists cannot be applied to interfaces to control traffic.
Fields
• Add—Lets you add a new ACL. When you highlight an existing ACL, it lets you add a new ACE
for that ACL.
• Add IPv6—Lets you add an ACL for traffic with IPv6 addresses.
• Add ACE—Lets you add an access control entry (ACE), or access rule, specifying the source
address, destination address, and service.
• Edit—Opens the Edit ACE dialog box, in which you can change an existing access control list rule.
• Delete—Removes an ACL or ACE. There is no confirmation or undo.
• Move Up/Move Down—Changes the position of a rule in the ACL Manager table.
• Cut—Removes the selection from the ACL Manager table and places it on the clipboard.
• Copy—Places a copy of the selection on the clipboard.
• Paste—Opens the Paste ACE dialog box, in which you can create a new ACL rule from an existing
rule.
• No—Indicates the order of evaluation for the rule. Implicit rules are not numbered, but are
represented by a hyphen.
• Address—Displays the IP address or URL of the application or service to which the ACE applies.
To Next Page
Loading...
Need help?
General
