30-8
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 30 Configuring Access Rules
Configuring Access Rules
• Deny—Denies access if the conditions are matched.
Step 5 In the Source field, enter an IP address that specifies the network, interface IP, or any address from which
traffic is permitted or denied to the specified destination.
For more information about enabling IPv6 on an interface, see Chapter 8, “Configuring Interfaces.”
Step 6 In the Destination field, enter an IP address that specifies the network, interface IP, or any address to
which traffic is permitted or denied from the source specified in the Source field.
Step 7 Select the service type.
Step 8 (Optional) To add a time range to your access rule that specifies when traffic can be allowed or denied,
click More Options to expand the list.
a. To the right of the Time Range drop-down list, click the browse button.
The Browse Time Range dialog box appears.
b. Click Add.
The Add Time Range dialog box appears.
c. In the Time Range Name field, enter a time range name, with no spaces.
d. Choose the Start Time and the End Time.
e. To specify additional time constraints for the time range, such as specifying the days of the week or
the recurring weekly interval in which the time range will be active, click Add, and choose the
specifications.
f. Click OK to apply the optional time range specifications.
Step 9 (Optional) In the Description field, add a text description about the access rule.
The description can contain multiple lines; however, each line can be no more than 100 characters in
length.
Step 10 (Optional) Logging is enabled by default. You can disable logging by unchecking the check box, or you
can change the logging level from the drop-down list. The default logging level is Informational.
Step 11 Click OK. The newly configured access rule appears in the list of access rules.
Step 12 Click Apply to save the access rule to your configuration.
Note After you add access rules, you can click the following radio buttons to filter which access rules appear
in the main pane: IPv4 and IPv6, IPv4 Only, or IPv6 Only.
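The following review script is an added example, not part of the Cisco guide. It checks the CLI form of rules built with the steps above for three things those steps let you set: logging turned off (Step 10), a time range that is referenced but never defined (Step 8), and description lines over 100 characters (Step 9). It assumes descriptions are stored as access-list remark lines; the function name audit_access_rules and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample of running-config lines (not taken from the guide).
SAMPLE_CONFIG = """\
time-range BUSINESS_HOURS
 periodic weekdays 8:00 to 18:00
access-list outside_in remark Allow web to DMZ server during business hours
access-list outside_in extended permit tcp any host 192.0.2.10 eq www time-range BUSINESS_HOURS
access-list outside_in extended permit tcp any host 192.0.2.11 eq smtp log disable
access-list outside_in extended deny ip any any log warnings time-range AFTER_HOURS
"""

def audit_access_rules(config):
    """Return (line_number, finding) pairs for access rules that need review."""
    lines = [l.rstrip() for l in config.splitlines()]
    # Names created by top-level "time-range <name>" commands.
    defined = {m.group(1) for l in lines if (m := re.match(r"time-range (\S+)$", l))}
    findings = []
    for n, line in enumerate(lines, start=1):
        if not line.startswith("access-list "):
            continue
        tokens = line.split()
        # Description lines: each may be at most 100 characters long.
        if len(tokens) > 2 and tokens[2] == "remark":
            text = line.split(" remark ", 1)[1] if " remark " in line else ""
            if len(text) > 100:
                findings.append((n, "remark longer than 100 characters"))
            continue
        # "log disable" switches logging off for this rule.
        if "log" in tokens:
            i = tokens.index("log")
            if tokens[i + 1:i + 2] == ["disable"]:
                findings.append((n, "logging disabled"))
        # A rule may only reference a time range that is defined in the config.
        if "time-range" in tokens:
            i = tokens.index("time-range")
            name = tokens[i + 1] if i + 1 < len(tokens) else ""
            if name not in defined:
                findings.append((n, f"time range {name!r} is not defined"))
    return findings

if __name__ == "__main__":
    for number, finding in audit_access_rules(SAMPLE_CONFIG):
        print(f"line {number}: {finding}")
```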
Adding an EtherType Rule (Transparent Mode Only)
The EtherType Rules window shows access rules based on packet EtherTypes. EtherType rules are used
to configure non-IP related traffic policies through the adaptive security appliance when operating in
transparent mode. In transparent mode, you can apply both extended and EtherType access rules to an
interface. EtherType rules take precedence over the extended access rules.
For more information about EtherType rules, see the “Information About Access Rules” section on
page 30-1.
To add an EtherType rule, perform the following steps: