Cisco Systems ASA 5510 Network Router User Manual


Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 37 Configuring Access Rules
No—Indicates the order of evaluation for the rule.
Action—Permit or deny action for this rule.
Ethervalue—EtherType value: IPX, BPDU, MPLS-Unicast, MPLS-Multicast, or a 16-bit
hexadecimal value between 0x600 (1536) and 0xffff by which an EtherType can be identified.
Interface—Interface to which the rule is applied.
Direction Applied—Direction for this rule: incoming traffic or outgoing traffic.
Description—Optional text description of the rule.
Add/Edit EtherType Rule
Configuration > Security Policy > Ethertype Rules > Add/Edit Ethertype Rules
The Add/Edit EtherType Rules dialog box lets you add or edit an EtherType rule.
For more information about EtherType rules, see the “Information About Access Rules” section on
page 37-1.
Fields
Action—Permit or deny action for this rule.
Interface—Interface name for this rule.
Apply rule to—Direction for this rule: incoming traffic or outgoing traffic.
Ethervalue—EtherType value: BPDU, IPX, MPLS-Unicast, MPLS-Multicast, any (any value
between 0x600 and 0xffff), or a 16-bit hexadecimal value between 0x600 (1536) and 0xffff by which
an EtherType can be identified.
Description—Optional text description of the rule.
Configuring Management Access Rules
You can configure an interface ACL that supports access control for to-the-box management traffic from
a specific peer (or set of peers) to the security appliance. One scenario in which this type of ACL would
be useful is when you want to block IKE Denial of Service attacks.
To configure an extended ACL that permits or denies packets for to-the-box traffic, perform the
following steps:
Step 1 Choose Configuration > Device Management > Management Access > Management Access Rules.
Step 2 Click Add, and choose one of the following actions:
    Add Management Access Rule
    Add IPv6 Management Access Rule
The appropriate Add Management Access Rule dialog box appears.
Step 3 From the Interface drop-down list, choose an interface on which to apply the rule. Choose Any to apply
a global rule.
Step 4 In the Action field, click one of the following radio buttons to choose the action:
    Permit—Permits access if the conditions are matched.
    Deny—Denies access if the conditions are matched.
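
The rule this procedure builds in ASDM corresponds, on the command line, to an extended ACL bound to an interface with the control-plane keyword. The following is an added example for the IKE scenario mentioned above, not text from the Cisco guide; the ACL name MGMT-CP, the interface name outside and the peer address 192.0.2.10 (a documentation-range address) are assumptions for illustration.

```cisco
! Added example. MGMT-CP, outside and 192.0.2.10 are assumed names/values.
!
! Deny IKE (UDP 500) and IKE over NAT-T (UDP 4500) that one peer sends
! to the appliance itself.
access-list MGMT-CP extended deny udp host 192.0.2.10 any eq isakmp
access-list MGMT-CP extended deny udp host 192.0.2.10 any eq 4500
!
! The control-plane keyword applies the ACL to to-the-box traffic
! arriving on the interface, not to traffic passing through it.
access-group MGMT-CP in interface outside control-plane
!
! After applying, review the entries and their hit counters.
show access-list MGMT-CP
```

Before relying on the ACL, confirm for the software release in use how to-the-box traffic that matches no entry is handled.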