Cisco Systems ASA 5510 Network Router User Manual


Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 37 Configuring Access Rules
Default Settings
See the “Implicit Permits” section on page 37-2.
Configuring Access Rules
This section includes the following topics:
Adding an Access Rule, page 37-7
Adding an EtherType Rule (Transparent Mode Only), page 37-8
Configuring Management Access Rules, page 37-10
Advanced Access Rule Configuration, page 37-11
Configuring HTTP Redirect, page 37-12
Adding an Access Rule
To apply an access rule, perform the following steps.
Detailed Steps
Step 1 Choose Configuration > Firewall > Access Rules.
Step 2 Click Add, and choose one of the following options:
Add Access Rule
Add IPv6 Access Rule
The appropriate access rule dialog box appears.
Step 3 From the Interface drop-down list, choose the interface on which to apply the rule. Choose Any to apply
a global rule.
Step 4 In the Action field, click one of the following radio buttons next to the desired action:
Permit—Permits access if the conditions are matched.
Deny—Denies access if the conditions are matched.
Step 5 In the Source field, enter an IP address that specifies the network, interface IP, or any address from which
traffic is permitted or denied to the specified destination.
For more information about enabling IPv6 on an interface, see the “Configuring IPv6 Addressing”
section on page 14-14.
Step 6 In the User field, enter a user name or group to add to the access list. Enter the user name in the format
domain_NetBIOS_name\user_name. Enter the group name in the format
domain_NetBIOS_name\group_name.
You can configure access rules based on user names and user group names rather than through source IP
addresses. The ASA applies the security policies based on an association of IP addresses to Windows
Active Directory login information and reports events based on the mapped user names instead of
network IP addresses.
See the “Configuring Identity-based Access Rules” section on page 39-19 for more information.
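A simplified model of the identity-based matching described above, added here as an illustration; it is not Cisco code and not the ASA's implementation. The mapping table, group membership, rule list, top-down first-match evaluation and the fallback to the IP address for unmapped hosts are all assumptions constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample data (made-up names and addresses): the IP-to-login
# associations and group membership an identity source would supply.
IP_TO_USER = {"10.1.1.20": "EXAMPLE\\alice", "10.1.1.21": "EXAMPLE\\bob"}
GROUPS = {"EXAMPLE\\engineering": {"EXAMPLE\\alice"}}


@dataclass
class Rule:
    action: str          # "permit" or "deny"
    source: str = "any"  # network in CIDR form, or "any"
    user: str = ""       # domain\user or domain\group; "" means no identity condition


def identity_matches(rule_user, mapped_user):
    """True when the rule has no identity condition or the mapped login satisfies it."""
    if not rule_user:
        return True
    if mapped_user is None:
        return False  # no login is associated with this IP, so a user rule cannot match
    return rule_user == mapped_user or mapped_user in GROUPS.get(rule_user, set())


def evaluate(rules, src_ip):
    """Return (action, log_subject) for the first matching rule; action is None if none match."""
    mapped = IP_TO_USER.get(src_ip)
    subject = mapped or src_ip  # assumption: fall back to the IP when no user is mapped
    addr = ipaddress.ip_address(src_ip)
    for rule in rules:
        in_source = rule.source == "any" or addr in ipaddress.ip_network(rule.source)
        if in_source and identity_matches(rule.user, mapped):
            return rule.action, subject
    return None, subject


# Constructed rule list, evaluated top down.
RULES = [
    Rule("deny", user="EXAMPLE\\bob"),
    Rule("permit", source="10.1.1.0/24", user="EXAMPLE\\engineering"),
]

if __name__ == "__main__":
    for ip in ("10.1.1.20", "10.1.1.21", "10.1.1.99"):
        print(ip, evaluate(RULES, ip))
```

The third address has no login associated with it, so neither user-based rule matches and the model returns no action; a rule set that relies only on identity needs a deliberate decision about such hosts.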