Cisco ASA 5515-X
Cisco ASA Series CLI Configuration Guide

Chapter 1
Information About Access Lists
Cisco ASAs provide basic traffic filtering capabilities with access lists, which control access in your
network by preventing certain traffic from entering or exiting. This chapter describes access lists and
shows how to add them to your network configuration.
Access lists are made up of one or more access control entries (ACEs). An ACE is a single entry in an
access list that specifies a permit or deny rule (to forward or drop the packet) and is applied to a protocol,
to a source and destination IP address or network, and, optionally, to the source and destination ports.
Access lists can be configured for all routed and network protocols (IP, AppleTalk, and so on) to filter
the packets of those protocols as the packets pass through a router.
Access lists are used in a variety of features. If your feature uses Modular Policy Framework, you can
use an access list to identify traffic within a traffic class map. For more information on Modular Policy
Framework, see Chapter 1, “Configuring a Service Policy Using the Modular Policy Framework.”
This chapter includes the following sections:
• Access List Types
• Access Control Entry Order
• Access Control Implicit Deny
• IP Addresses Used for Access Lists When You Use NAT
• Where to Go Next
Access List Types
The ASA uses five types of access control lists:
• Standard access lists—Identify the destination IP addresses of OSPF routes and can be used in a
  route map for OSPF redistribution. Standard access lists cannot be applied to interfaces to control
  traffic. For more information, see Chapter 1, “Adding a Standard Access Control List.”
• Extended access lists—Use one or more access control entries (ACEs) in which you can specify the
  line number to insert the ACE, the source and destination addresses, and, depending upon the ACE
  type, the protocol, the ports (for TCP or UDP), or the ICMP type (for ICMP). For more
  information, see Chapter 1, “Adding an Extended Access Control List.”
• EtherType access lists—Use one or more ACEs that specify an EtherType. For more information,
  see Chapter 1, “Adding an EtherType Access List.”
• Webtype access lists—Used in a configuration that supports filtering for clientless SSL VPN. For
  more information, see Chapter 1, “Adding a Webtype Access Control List.”
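
As an added illustration (not part of the Cisco guide), the Python code below splits extended ACEs into the fields described above: the permit or deny action, the protocol, the source and destination, and the optional ports. The ACL name, the addresses, and the restriction to `any`, `host` and address-plus-mask forms with the `eq` port operator are assumptions of this example.

```python
import ipaddress
import re

# Constructed sample configuration; the ACL name and addresses are illustrative only.
SAMPLE = """\
access-list OUTSIDE_IN extended permit tcp any host 203.0.113.10 eq 443
access-list OUTSIDE_IN extended permit udp 198.51.100.0 255.255.255.0 host 203.0.113.53 eq 53
access-list OUTSIDE_IN extended deny ip any any
"""

def _take_addr(tokens):
    """Consume one address spec: 'any', 'host A.B.C.D', or 'A.B.C.D MASK'."""
    head = tokens.pop(0)
    if head == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if head == "host":
        return ipaddress.ip_network(tokens.pop(0) + "/32")
    return ipaddress.ip_network(f"{head}/{tokens.pop(0)}")

def _take_port(tokens):
    """Consume an optional 'eq PORT' clause; None means the ACE names no port."""
    if tokens and tokens[0] == "eq":
        tokens.pop(0)
        port = tokens.pop(0)
        return int(port) if port.isdigit() else port  # keep service names as text
    return None

def parse_ace(line):
    """Split one extended ACE into action, protocol, addresses and optional ports."""
    m = re.match(r"access-list (\S+) extended (permit|deny) (\S+) (.+)", line.strip())
    if not m:
        raise ValueError(f"not an extended ACE: {line!r}")
    name, action, proto, rest = m.groups()
    tokens = rest.split()
    src = _take_addr(tokens)
    src_port = _take_port(tokens)
    dst = _take_addr(tokens)
    dst_port = _take_port(tokens)
    if tokens:  # other operators or options are outside this example's scope
        raise ValueError(f"unsupported trailing tokens: {tokens}")
    return {"acl": name, "action": action, "protocol": proto,
            "src": src, "src_port": src_port, "dst": dst, "dst_port": dst_port}

def parse_config(text):
    """Parse every non-blank line of a configuration excerpt as an extended ACE."""
    return [parse_ace(line) for line in text.splitlines() if line.strip()]

if __name__ == "__main__":
    for ace in parse_config(SAMPLE):
        print(ace)
```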