Cisco 5510 - ASA SSL / IPsec VPN Edition Configuration Guide

1822 pages
30-3
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 30 Configuring Access Rules
Information About Access Rules
Implicit Deny
Interface-specific access rules do not have an implicit deny at the end, but global rules on inbound traffic
do have an implicit deny at the end of the list, so unless you explicitly permit it, traffic cannot pass. For
example, if you want to allow all users to access a network through the adaptive security appliance
except for particular addresses, then you need to deny the particular addresses and then permit all others.
For EtherType rules, the implicit deny does not affect IPv4 or IPv6 traffic or ARPs; for example, if you
allow EtherType 8037 (the EtherType for IPX), the implicit deny at the end of the list does not block any
IP traffic that you previously allowed with an access rule (or implicitly allowed from a high security
interface to a low security interface). However, if you explicitly deny all traffic with an EtherType rule,
then IP and ARP traffic is denied.
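
The deny-then-permit ordering described in this section can be checked mechanically. The following is an added example, not part of the Cisco guide: it models a rule list that ends in an implicit deny, assumes first-match evaluation (the first matching rule decides), and flags rules that an earlier rule makes unreachable. The addresses and the function names evaluate and shadowed are constructed for illustration.

```python
import ipaddress

# Constructed sample rules (not from the guide): (action, source network).
# Intent: everyone may pass except two particular addresses.
CORRECT = [
    ("deny", "10.1.1.14/32"),
    ("deny", "10.1.1.78/32"),
    ("permit", "0.0.0.0/0"),
]
# Same rules with the permit placed first: the denies can never match.
MISORDERED = [CORRECT[2], CORRECT[0], CORRECT[1]]


def evaluate(rules, src):
    """Return (action, index) of the first rule that matches src.

    Assumption: first match wins. When no rule matches, the implicit deny
    at the end of the list applies and index is None.
    """
    addr = ipaddress.ip_address(src)
    for i, (action, net) in enumerate(rules):
        if addr in ipaddress.ip_network(net):
            return action, i
    return "deny", None


def shadowed(rules):
    """Indexes of rules fully covered by one earlier rule, so never reached."""
    nets = [ipaddress.ip_network(n) for _, n in rules]
    return [
        i for i, net in enumerate(nets)
        if any(net.subnet_of(earlier) for earlier in nets[:i])
    ]


if __name__ == "__main__":
    for name, rules in (("correct", CORRECT), ("misordered", MISORDERED)):
        print(name, evaluate(rules, "10.1.1.14"), "shadowed:", shadowed(rules))
    # Only the two denies, no explicit permit: the implicit deny blocks the rest.
    print("denies only", evaluate(CORRECT[:2], "10.1.1.20"))
```

Running the shadow check over an exported rule list before deployment catches a deny that was placed below a broader permit.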
Inbound and Outbound Rules
The adaptive security appliance supports two types of access lists:
Inbound—Inbound access lists apply to traffic as it enters an interface.
Outbound—Outbound access lists apply to traffic as it exits an interface.
Note: “Inbound” and “outbound” refer to the application of an access list on an interface, either to traffic
entering the adaptive security appliance on an interface or traffic exiting the adaptive security appliance
on an interface. These terms do not refer to the movement of traffic from a lower security interface to a
higher security interface, commonly known as inbound, or from a higher to lower interface, commonly
known as outbound.
An inbound access list can bind an access list to a specific interface or apply a global rule on all
interfaces. For more information about global rules, see the “Using Global Access Rules” section on
page 30-4.
An outbound access list is useful, for example, if you want to allow only certain hosts on the inside
networks to access a web server on the outside network. Rather than creating multiple inbound access
lists to restrict access, you can create a single outbound access list that allows only the specified hosts.
(See Figure 30-1.) The outbound access list prevents any other hosts from reaching the outside network.
