Cisco ASA Series User Manual

Cisco ASA Series CLI Configuration Guide
Chapter 1 Adding an Extended Access Control List
Configuring Extended ACLs
Detailed Steps
Command:

    access-list access_list_name [line line_number] extended
        {deny | permit} protocol_argument source_address_argument
        dest_address_argument [log [[level] [interval secs] | disable | default]]
        [inactive | time-range time_range_name]

Example:

    hostname(config)# access-list ACL_IN extended permit ip any any

Purpose:

Adds an ACE for IP address or FQDN policy.

• Line number—The line line_number option specifies the line number at which to insert the ACE; otherwise, the ACE is added to the end of the ACL.
• Permit or Deny—The deny keyword denies or exempts a packet if the conditions are matched. The permit keyword permits a packet if the conditions are matched.
• Protocol—The protocol_argument specifies the IP protocol:
  – name or number—Specifies the protocol name or number. Specify ip to apply to all protocols.
  – object-group protocol_grp_id—Specifies a protocol object group created using the object-group protocol command.
  – object service_obj_id—Specifies a service object created using the object service command. A TCP, UDP, or ICMP service object can include a protocol and a source and/or destination port or ICMP type and code.
  – object-group service_grp_id—Specifies a service object group created using the object-group service command.
• Source Address, Destination Address—The source_address_argument specifies the IP address or FQDN from which the packet is being sent, and the dest_address_argument specifies the IP address or FQDN to which the packet is being sent:
  – host ip_address—Specifies an IPv4 host address.
  – dest_ip_address mask—Specifies an IPv4 network address and subnet mask.
  – ipv6-address/prefix-length—Specifies an IPv6 host or network address and prefix.
  – any, any4, and any6—any specifies both IPv4 and IPv6 traffic; any4 specifies only IPv4 traffic; and any6 specifies only IPv6 traffic.
  – object nw_obj_id—Specifies a network object created using the object network command.
  – object-group nw_grp_id—Specifies a network object group created using the object-group network command.
• Logging—log arguments set logging options when an ACE matches a packet for network access (an ACL applied with the access-group command).
• Activation—The inactive keyword disables the ACE; the time-range keyword specifies a time range during which the ACE is active. See the time-range command for information about defining a time range.
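
The following is an added example, not taken from the Cisco guide: it sets the guide's sample ACE (permit ip any any) beside a narrower rule set built from the options described above. All object names, the time range, the addresses (documentation ranges) and the interface name outside are constructed assumptions.

```cisco
! Constructed example: names, addresses (documentation ranges) and the
! interface name "outside" are illustrative assumptions.
time-range BUSINESS_HOURS
 periodic weekdays 8:00 to 18:00
!
object network WEB_SRV
 host 192.0.2.10
object service HTTPS_SVC
 service tcp destination eq https
object service SSH_SVC
 service tcp destination eq ssh
object-group network ADMIN_NETS
 network-object 198.51.100.0 255.255.255.0
!
! Weak form from the guide's example: every protocol, any source, any destination.
!   access-list ACL_IN extended permit ip any any
!
! Narrower form: one ACE per required flow.
! HTTPS to the web server from any IPv4 source (service object as protocol_argument).
access-list ACL_IN extended permit object HTTPS_SVC any4 object WEB_SRV
! SSH from the admin networks only, during business hours, logged at level 5
! with a 300-second logging interval.
access-list ACL_IN extended permit object SSH_SVC object-group ADMIN_NETS object WEB_SRV log 5 interval 300 time-range BUSINESS_HOURS
! An ACE kept in the configuration but disabled with the inactive keyword.
access-list ACL_IN extended permit ip 198.51.100.0 255.255.255.0 host 192.0.2.20 inactive
! Explicit final deny for IPv4 and IPv6 with logging, so denied packets are recorded.
access-list ACL_IN extended deny ip any any log
! Insert a deny for one host at line 1, ahead of the permits above.
access-list ACL_IN line 1 extended deny ip host 203.0.113.50 any4 log
!
! Apply the ACL to inbound traffic; the log options apply to an ACL used this way.
access-group ACL_IN in interface outside
```

Because ACEs are evaluated in order, review the result with show access-list ACL_IN after a line insertion to confirm the new entry sits where intended.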

Cisco ASA Series Specifications

General
Model: ASA 5505
Interfaces: Varies by model (Fast Ethernet, Gigabit Ethernet, 10 Gigabit Ethernet, etc.)
High Availability: Active/Standby or Active/Active (varies by model)
Power Supply: Varies by model
Form Factor: Varies by model
Operating System: Cisco ASA Software
IPsec VPN: Supported
SSL VPN: Supported
IPS Throughput: Varies by model