EasyManuals Logo

Cisco 5510 - ASA SSL / IPsec VPN Edition Configuration Guide

Cisco 5510 - ASA SSL / IPsec VPN Edition
1822 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #615 background imageLoading...
Page #615 background image
29-15
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 29 Configuring a Service Policy
Managing the Order of Service Policy Rules
See the “Supported Features for Management Traffic” section on page 29-2 for more information.
Step 10 To configure connection settings, see the “Configuring Connection Settings” section on page 48-8.
Step 11 Click Finish.
Managing the Order of Service Policy Rules
The order of service policy rules on an interface or in the global policy affects how actions are applied
to traffic. See the following guidelines for how a packet matches rules in a service policy:
A packet can match only one rule in a service policy for each feature type.
When the packet matches a rule that includes actions for a feature type, the adaptive security
appliance does not attempt to match it to any subsequent rules including that feature type.
If the packet matches a subsequent rule for a different feature type, however, then the adaptive
security appliance also applies the actions for the subsequent rule.
For example, if a packet matches a rule for connection limits, and also matches a rule for application
inspection, then both rule actions are applied.
If a packet matches a rule for application inspection, but also matches another rule that includes
application inspection, then the second rule actions are not applied.
If your rule includes an access list with multiple ACEs, then the order of ACEs also affects the packet
flow. The FWSM tests the packet against each ACE in the order in which the entries are listed. After a
match is found, no more ACEs are checked. For example, if you create an ACE at the beginning of an
access list that explicitly permits all traffic, no further statements are ever checked.
To change the order of rules or ACEs within a rule, perform the following steps:
Step 1 From the Configuration > Firewall > Service Policy Rules pane, choose the rule or ACE that you want
to move up or down.
Step 2 Click the Move Up or Move Down cursor (see Figure 29-1).
Figure 29-1 Moving an ACE

Table of Contents

Other manuals for Cisco 5510 - ASA SSL / IPsec VPN Edition

Preview: Cli Configuration Guide
Cli Configuration Guide2164 pages
Preview: Hardware Installation Guide
Hardware Installation Guide82 pages
Preview: Getting Started Guide
Getting Started Guide208 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco 5510 - ASA SSL / IPsec VPN Edition and is the answer not in the manual?

Cisco 5510 - ASA SSL / IPsec VPN Edition Specifications

General IconGeneral
BrandCisco
Model5510 - ASA SSL / IPsec VPN Edition
CategoryFirewall
LanguageEnglish

Related product manuals