Name: Cisco ASA 5506-X
Brand: Cisco
Rating: 4 (1 reviews)

To Next Page

To Previous Page

CHAPTER

4-1

Cisco ASA Series Firewall CLI Configuration Guide

Access Rules

This chapter describes how to control network access through or to the ASA using access rules. You use

access rules to control network access in both routed and transparent firewall modes. In transparent

mode, you can use both access rules (for Layer 3 traffic) and EtherType rules (for Layer 2 traffic).

Note To access the ASA interface for management access, you do not also need an access rule allowing the

host IP address. You only need to configure management access according to the general operations

configuration guide.

• Controlling Network Access, page 4-1

• Guidelines for Access Control, page 4-7

• Configure Access Control, page 4-7

• Monitoring Access Rules, page 4-10

• Configuration Examples for Permitting or Denying Network Access, page 4-11

• History for Access Rules, page 4-12

Controlling Network Access

Access rules determine which traffic is allowed through the ASA. There are several different layers of

rules that work together to implement your access control policy:

• Extended access rules (Layer 3+ traffic) assigned to interfaces—You can apply separate rule sets

(ACLs) in the inbound and outbound directions. An extended access rule permits or denies traffic

based on the source and destination traffic criteria.

• Extended access rules assigned globally—You can create a single global rule set, which serves as

your default access control. The global rules are applied after interface rules.

• Management access rules (Layer 3+ traffic)—You can apply a single rule set to cover traffic directed

at an interface, which would typically be management traffic. In the CLI, these are “control plane”

access groups. For ICMP traffic directed at the device, you can alternatively configure ICMP rules.

• EtherType rules (Layer 2 traffic) assigned to interfaces (transparent firewall mode only)—You can

apply separate rule sets in the inbound and outbound directions. EtherType rules control network

access for non-IP traffic. An EtherType rule permits or denies traffic based on the EtherType.

Other manuals for Cisco ASA 5506-X

Questions and Answers:

Need help?

Do you have a question about the Cisco ASA 5506-X and is the answer not in the manual?

General

Model	ASA 5506-X
Firewall Throughput	750 Mbps
Maximum Firewall Connections	50, 000
Maximum VPN Peers	50
Integrated Ports	8 x 1 GE
Stateful Inspection Throughput	750 Mbps
Weight	4.4 lb (2 kg)
Firewall Throughput (Multiprotocol)	750 Mbps
Firewall Throughput (Application Visibility and Control AVC)	250 Mbps
Concurrent Sessions	50, 000
New Connections per Second	10, 000
IPsec VPN Throughput	100 Mbps
Interfaces	8 x 1 GE
Memory	4 GB
Flash Memory	8 GB
Form Factor	Desktop
VPN Throughput	100 Mbps
Maximum Concurrent Sessions	50, 000
New Sessions per Second	10, 000
Operating Temperature	32 to 104°F (0 to 40°C)
Storage Temperature	-13 to 158°F (-25 to 70°C)
Power Supply	External
Humidity	10% to 90% non-condensing