Cisco Systems ASA 5510 Network Router User Manual


  Open as PDF
of 2086
 
37-8
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 37 Configuring Access Rules
Configuring Access Rules
Step 7 To browse for a user name or user group, click the ellipsis (...) button. The Browse User dialog box
appears. See the Adding Users and Groups to Access Rules, page 39-20 for information.
Step 8 In the Destination field, enter an IP address that specifies the network, interface IP, any address to which
traffic is permitted or denied from the source specified in the Source field.
Step 9 Select the service type.
Step 10 (Optional) To add a time range to your access rule that specifies when traffic can be allowed or denied,
click More Options to expand the list.
a. To the right of the Time Range drop down list, click the browse button.
The Browse Time Range dialog box appears.
b. Click Add.
The Add Time Range dialog box appears.
c. In the Time Range Name field, enter a time range name, with no spaces.
d. Choose the Start Time and the End Time.
e. To specify additional time constraints for the time range, such as specifying the days of the week or
the recurring weekly interval in which the time range will be active, click Add, and choose the
specifications.
f. Click OK to apply the optional time range specifications.
Step 11 (Optional) In the Description field, add a text description about the access rule.
The description can contain multiple lines; however, each line can be no more than 100 characters in
length.
Step 12 (Optional) Logging is enabled by default. You can disable logging by unchecking the check box, or you
can change the logging level from the drop-down list. The default logging level is Informational.
Step 13 Click OK. The access rule appears with the newly configured access rules.
Step 14 Click Apply to save the access rule to your configuration.
Note After you add access rules, you can click the following radio buttons to filter which access rules appear
in the main pane: IPv4 and IPv6, IPv4 Only, or IPv6 Only.
You can edit or delete a particular access rule by selecting the rule and then clicking Edit or Delete.
Adding an EtherType Rule (Transparent Mode Only)
The EtherType Rules window shows access rules based on packet EtherTypes. EtherType rules are used
to configure non-IP related traffic policies through the ASA when operating in transparent mode. In
transparent mode, you can apply both extended and EtherType access rules to an interface. EtherType
rules take precedence over the extended access rules.
For more information about EtherType rules, see the “Information About Access Rules” section on
page 37-1.
To add an EtherType rule, perform the following steps: