29-12
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 29 Configuring a Service Policy
Adding a Service Policy Rule for Management Traffic
To police each flow, check Match flow destination IP address. All traffic going to a unique IP
destination address is considered a flow.
• Destination Port—Click TCP or UDP.
In the Service field, enter a port number or name, or click ... to choose one already defined in ASDM.
• RTP Range—Enter an RTP port range, between 2000 and 65534. The maximum number of port sin
the range is 16383.
• IP DiffServ CodePoints (DSCP)—In the DSCP Value to Add area, choose a value from the Select
Named DSCP Values or enter a value in the Enter DSCP Value (0-63) field, and click Add.
Add additional values as desired, or remove them using the Remove button.
• IP Precedence—From the Available IP Precedence area, choose a value and click Add.
Add additional values as desired, or remove them using the Remove button.
Step 7 Click Next.
The Add Service Policy Rule - Rule Actions dialog box appears.
Step 8 Configure one or more rule actions. See the “Supported Features for Through Traffic” section on
page 29-1 for a list of features.
Step 9 Click Finish.
Adding a Service Policy Rule for Management Traffic
You can create a service policy for traffic directed to the adaptive security appliance for management
purposes. See the “Supported Features for Management Traffic” section on page 29-2 for more
information. This section includes the following topics:
Configuring a Service Policy Rule for Management Traffic
To add a service policy rule for management traffic, perform the following steps:
Step 1 From the Configuration > Firewall > Service Policy Rules pane, click the down arrow next to Add.
Step 2 Choose Add Management Service Policy Rule.
The Add Management Service Policy Rule Wizard - Service Policy dialog box appears.
Step 3 In the Create a Service Policy and Apply To area, click one of the following options:
• Interface. This option applies the service policy to a single interface. Interface service policies take
precedence over the global service policy for a given feature. For example, if you have a global
policy with RADIUS accounting inspection, and an interface policy with connection limits, then
both RADIUS accounting and connection limits are applied to the interface. However, if you have
a global policy with RADIUS accounting, and an interface policy with RADIUS accounting, then
only the interface policy RADIUS accounting is applied to that interface.
a. Choose an interface from the drop-down list.
If you choose an interface that already has a policy, then the wizard lets you add a new service
policy rule to the interface.
To Next Page
Loading...
Need help?
General
