3-21
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 3 Access Control Lists
History for ACLs
History for ACLs
Feature Name Releases Description
Extended, standard, webtype ACLs 7.0(1) ACLs are used to control network access or to specify traffic
for many features to act upon. An extended access control
list is used for through-the-box access control and several
other features. Standard ACLs are used in route maps and
VPN filters. Webtype ACLs are used in clientless SSL VPN
filtering. EtherType ACLs control non-IP layer 2 traffic.
We introduced the following commands: access-list
extended, access-list standard, access-list webtype,
access-list ethertype.
Real IP addresses in extended ACLs 8.3(1) When using NAT or PAT, mapped addresses and ports are no
longer used in an ACL for several features. You must use the
real, untranslated addresses and ports for these features.
Using the real address and port means that if the NAT
configuration changes, you do not need to change the ACLs.
For more information, see IP Addresses Used for Extended
ACLs When You Use NAT, page 3-4.
Support for Identity Firewall in extended ACLs 8.4(2) You can now use identity firewall users and groups for the
source and destination. You can use an identity firewall
ACL with access rules, AAA rules, and for VPN
authentication.
We modified the following commands: access-list
extended.
EtherType ACL support for IS-IS traffic 8.4(5), 9.1(2) In transparent firewall mode, the ASA can now control
IS-IS traffic using an EtherType ACL.
We modified the following command: access-list ethertype
{permit | deny} isis.
Support for Cisco TrustSec in extended ACLs 9.0(1) You can now use Cisco TrustSec security groups for the
source and destination. You can use an identity firewall
ACL with access rules.
We modified the following commands: access-list
extended.
To Next Page
Loading...
