Cisco Systems ASA 5510 Network Router User Manual


  Open as PDF
of 2086
 
69-19
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 69 General VPN Setup
ACL Manager
209.165.201.1-209.165.201.30. These addresses are translated addresses. When an inside host
makes a connection to an outside host, the firewall maps the address of the inside host to an address
from the pool. After a host creates an outbound connection, the firewall maintains this address
mapping. The address mapping structure is called an xlate, and remains in memory for a period of
time. During this time, outside hosts can initiate connections to the inside host using the translated
address from the pool, if allowed by the ACL. Normally, outside-to-inside connections require a
static translation so that the inside host always uses the same IP address.
Service—Names the service and protocol specified by the rule.
Action—Specifies whether this filter permits or denies traffic flow.
Logging—Shows the logging level and the interval in seconds between log messages (if you enable
logging for the ACL). To set logging options, including enabling and disabling logging, right-click
this column, and click Edit Log Option. The Log Options dialog box appears.
Time—Specifies the name of the time range to be applied in this rule.
Description—Shows the description you typed when you added the rule. An implicit rule includes
the following description: “Implicit outbound rule.”
Modes
The following table shows the modes in which this feature is available:
Add/Edit/Paste ACE
The Add/Edit/Paste ACE dialog box lets you create a new extended access list rule, or modify an existing
rule. The Paste option becomes available only when you cut or copy a rule.
Fields
Action—Determines the action type of the new rule. Select either permit or deny.
Permit—Permits all matching traffic.
Deny—Denies all matching traffic.
Source/Destination—Specifies the source or destination type and, depending on that type, the other
relevant parameters describing the source or destination host/network IP Address. Possible values
are: any, IP address, Network Object Group, and Interface IP. The availability of subsequent fields
depends upon the value of the Type field:
any—Specifies that the source or destination host/network can be any type. For this value of the
Type field, there are no additional fields in the Source or Destination area.
IP Address—Specifies the source or destination host or network IP address. Both IPv4 and IPv6
addresses are supported. With this selection, the IP Address, ellipsis button, and Netmask fields
become available. Choose an IP address or host name from the drop-down list in the IP Address
field or click the ellipsis (...) button to browse for an IP address or name. Select a network mask
from the drop-down list.
Firewall Mode Security Context
Routed Transparent Single
Multiple
Context System
——