30-10
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 30 Configuring Access Rules
Configuring Access Rules
• No—Indicates the order of evaluation for the rule.
• Action—Permit or deny action for this rule.
• Ethervalue—EtherType value: IPX, BPDU, MPLS-Unicast, MPLS-Multicast, or a 16-bit hexadecimal value between 0x600 (1536) and 0xffff by which an EtherType can be identified.
• Interface—Interface to which the rule is applied.
• Direction Applied—Direction for this rule: incoming traffic or outgoing traffic.
• Description—Optional text description of the rule.
Add/Edit EtherType Rule
The Add/Edit EtherType Rules dialog box lets you add or edit an EtherType rule.
For more information about EtherType rules, see the “Information About Access Rules” section on page 30-1.
Fields
• Action—Permit or deny action for this rule.
• Interface—Interface name for this rule.
• Apply rule to—Direction for this rule: incoming traffic or outgoing traffic.
• Ethervalue—EtherType value: BPDU, IPX, MPLS-Unicast, MPLS-Multicast, any (any value between 0x600 and 0xffff), or a 16-bit hexadecimal value between 0x600 (1536) and 0xffff by which an EtherType can be identified.
• Description—Optional text description of the rule.
Configuring Management Access Rules
Access Rules specifically permit or deny traffic to or from a particular peer (or peers), while
Management Access Rules provide access control for to-the-box traffic. For example, in addition to
detecting IKE Denial of Service attacks, you can block them using management access rules.
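The distinction between the two rule types, shown as CLI configuration. This is an added example, not taken from the original guide; the ACL names, the 192.0.2.50 source address, and the interface name outside are constructed for illustration.

```cisco
! Constructed example: ACL names, the 192.0.2.50 source address, and the
! interface name "outside" are assumptions, not values from this guide.

! Regular access rule (other entries omitted): filters traffic passing
! through the ASA. IKE packets addressed to the ASA itself are not
! evaluated against this list.
access-list OUTSIDE_IN extended deny udp host 192.0.2.50 any eq isakmp
access-group OUTSIDE_IN in interface outside

! Management access rule: the control-plane keyword applies the list to
! to-the-box traffic, so IKE from the offending peer is dropped before it
! reaches the ASA's own IKE process.
access-list OUTSIDE_MGMT extended deny udp host 192.0.2.50 any eq isakmp
access-group OUTSIDE_MGMT in interface outside control-plane

! Verification, from privileged EXEC mode: confirm the control-plane binding
! and watch the hit count on the deny entry.
show running-config access-group
show access-list OUTSIDE_MGMT
```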
To add a Management Access Rule, perform the following steps:
Step 1 Choose Configuration > Device Management > Management Access > Management Access Rules.
Step 2 Click Add, and choose one of the following actions:
• Add Management Access Rule
• Add IPv6 Management Access Rule
The appropriate Add Management Access Rule dialog box appears.
Step 3 From the Interface drop-down list, choose an interface on which to apply the rule.
Step 4 In the Action field, click one of the following:
• Permit (permits this traffic)
• Deny (denies this traffic)
Step 5 In the Source field, choose Any, or click the ellipsis (...) to browse for an address.
Step 6 In the Service field, add a service name for rule traffic, or click the ellipsis (...) to browse for a service.