EasyManuals Logo

Cisco 5510 - ASA SSL / IPsec VPN Edition Configuration Guide

Cisco 5510 - ASA SSL / IPsec VPN Edition
1822 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #644 background imageLoading...
Page #644 background image
30-12
Cisco ASA 5500 Series Configuration Guide using ASDM
OL-20339-01
Chapter 30 Configuring Access Rules
Configuring Access Rules
Prerequisites
These settings only apply if you enable the newer logging mechanism for the access rule.
Fields
Maximum Deny-flows—The maximum number of deny flows permitted before the adaptive security
appliance stops logging, between 1 and the default value. The default is 4096.
Alert Interval—The amount of time (1-3600 seconds) between system log messages (number
106101) that identify that the maximum number of deny flows was reached. The default is 300
seconds.
Per User Override table—Specifies the state of the per user override feature. If the per user override
feature is enabled on the inbound access rule, the access rule provided by a RADIUS server replaces
the access rule configured on that interface. If the per user override feature is disabled, the access
rule provided by the RADIUS server is combined with the access rule configured on that interface.
If the inbound access rule is not configured for the interface, per user override cannot be configured.
Object Group Search Setting—Reduces the amount of memory used to store service rules, but
lengthens the amount of time to search for a matching access rule.
Access Rule Explosion
The security appliance allows you to turn off the expansion of access rules that contain certain object
groups. When expansion is turned off, an object group search is used for lookup, which lowers the
memory requirements for storing expanded rules but decreases the lookup performance. Because of the
trade-off of performance for memory utilization, you can turn on and turn off the search.
To configure the option of turning off the expansion of access rules that contain s, perform the following
steps:
Step 1 Choose Configuration > Firewall > Access Rules.
Step 2 Click the Advanced button.
Step 3 Check the Enable Object Group Search Algorithm check box.
For more information about access rules, see the “Information About Access Rules” section on
page 30-1.

Table of Contents

Other manuals for Cisco 5510 - ASA SSL / IPsec VPN Edition

Preview: Cli Configuration Guide
Cli Configuration Guide2164 pages
Preview: Hardware Installation Guide
Hardware Installation Guide82 pages
Preview: Getting Started Guide
Getting Started Guide208 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco 5510 - ASA SSL / IPsec VPN Edition and is the answer not in the manual?

Cisco 5510 - ASA SSL / IPsec VPN Edition Specifications

General IconGeneral
BrandCisco
Model5510 - ASA SSL / IPsec VPN Edition
CategoryFirewall
LanguageEnglish

Related product manuals