15-3
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 15 Using the ACL Manager
• Logging—Shows the logging level and the interval in seconds between log messages (if you enable
logging for the ACL). To set logging options, including enabling and disabling logging, right-click
this column, and click Edit Log Option. The Log Options dialog box appears.
• Time—Specifies the name of the time range to be applied in this rule.
• Description—Shows the description you typed when you added the rule. An implicit rule includes
the following description: “Implicit outbound rule.”
Modes
The following table shows the modes in which this feature is available:
Add/Edit/Paste ACE
The Add/Edit/Paste ACE dialog box lets you create a new extended access list rule, or modify an existing
rule. The Paste option becomes available only when you cut or copy a rule.
Fields
• Action—Determines the action type of the new rule. Select either permit or deny.
–
Permit—Permits all matching traffic.
–
Deny—Denies all matching traffic.
• Source/Destination—Specifies the source or destination type and, depending on that type, the other
relevant parameters describing the source or destination host/network IP Address. Possible values
are: any, IP address, Network Object Group, and Interface IP. The availability of subsequent fields
depends upon the value of the Type field:
–
any—Specifies that the source or destination host/network can be any type. For this value of the
Type field, there are no additional fields in the Source or Destination area.
–
IP Address—Specifies the source or destination host or network IP address. Both IPv4 and IPv6
addresses are supported. With this selection, the IP Address, ellipsis button, and Netmask fields
become available. Choose an IP address or host name from the drop-down list in the IP Address
field or click the ellipsis (...) button to browse for an IP address or name. Select a network mask
from the drop-down list.
–
Network Object Group—Specifies the name of the network object group. Choose a name from
the drop-down list or click the ellipsis (...) button to browse for a network object group name.
–
Interface IP—Specifies the interface on which the host or network resides. Select an interface
from the drop-down list. The default values are inside and outside. There is no browse function.
• Protocol and Service—Specifies the protocol and service to which this ACE filter applies. Service
groups let you identify multiple non-contiguous port numbers that you want the ACL to match. For
example, if you want to filter HTTP, FTP, and port numbers 5, 8, and 9, define a service group that
includes all these ports. Without service groups, you would have to create a separate rule for each
port.
Firewall Mode Security Context
Routed Transparent Single
Multiple
Context System
• — • ——
To Next Page
Loading...
Need help?
General
