Cisco Systems ASA 5540 Network Router User Manual


Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 68 Configuring IKE, Load Balancing, and NAC
Configuring IPsec
ICMP—Specifies that this rule applies to ICMP connections. This selection also displays the ICMP Type group box.
IP—Specifies that this rule applies to IP connections. This selection also displays the IP Protocol group box.
Manage Service Groups—Displays the Manage Service Groups pane, on which you can add, edit, or delete a group of TCP/UDP services/ports.
Source Port and Destination Port—Contains TCP or UDP port parameters, depending on which option button you chose in the Protocol and Service group box.
Service—Indicates that you are specifying parameters for an individual service. Specifies the name of the service and a boolean operator to use when applying the filter.
Boolean operator (unlabeled)—Lists the boolean conditions (equal, not equal, greater than, less than, or range) to use in matching the service specified in the service box.
Service (unlabeled)—Identifies the service (such as https, kerberos, or any) to be matched. If you specified the range service operator, this parameter becomes two boxes, into which you enter the start and the end of the range.
...—Displays a list of services from which you can choose the service to display in the Service box.
Service Group—Indicates that you are specifying the name of a service group for the source port.
Service (unlabeled)—Choose the service group to use.
ICMP Type—Specifies the ICMP type to use. The default is any. Click the ... button to display a list of available types.

Options
Time Range—Specify the name of an existing time range or create a new range.
...—Displays the Add Time Range pane, on which you can define a new time range.
Please enter the description below (optional)—Provides space for you to enter a brief description of the rule.

Modes
The following table shows the modes in which this feature is available:
Pre-Fragmentation
Use this pane to set the IPsec pre-fragmentation policy and do-not-fragment (DF) bit policy for any
interface.
The IPsec pre-fragmentation policy specifies how to treat packets that exceed the maximum transmission
unit (MTU) setting when tunneling traffic through the public interface. This feature provides a way to
handle cases where a router or NAT device between the ASA and the client rejects or drops IP fragments.
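
The following sketch is an added illustration, not part of the Cisco guide or ASA code. It compares fragmenting a packet before encryption with fragmenting the encrypted packet afterwards, and shows which outer packets get past a hop that drops IP fragments. The 56-byte ESP overhead, the 20-byte IPv4 header, and all function names are assumptions made for the example.

```python
IP_HDR = 20        # assumed IPv4 header size (no options)
ESP_OVERHEAD = 56  # assumed tunnel-mode overhead: outer IP header + ESP header, IV, padding, ICV


def ip_fragment(total_len, mtu):
    """Split an IPv4 packet of total_len bytes into packet lengths that fit mtu."""
    if total_len <= mtu:
        return [total_len]
    payload = total_len - IP_HDR
    per_frag = (mtu - IP_HDR) // 8 * 8  # fragment payloads are multiples of 8 bytes
    sizes = []
    while payload > 0:
        chunk = min(per_frag, payload)
        sizes.append(chunk + IP_HDR)
        payload -= chunk
    return sizes


def on_wire(inner_len, mtu, pre_fragment):
    """Return (length, is_ip_fragment) for each outer packet sent on the public interface."""
    if pre_fragment:
        # Fragment the cleartext so each piece plus ESP overhead fits the MTU.
        # Each piece is then encrypted as its own complete outer packet.
        pieces = ip_fragment(inner_len, mtu - ESP_OVERHEAD)
        return [(p + ESP_OVERHEAD, False) for p in pieces]
    # Encrypt first, then let IP fragment the oversized outer packet.
    frags = ip_fragment(inner_len + ESP_OVERHEAD, mtu)
    return [(f, len(frags) > 1) for f in frags]


def survives_fragment_dropping_hop(packets):
    """Model a router or NAT device that discards anything marked as an IP fragment."""
    return [p for p in packets if not p[1]]


if __name__ == "__main__":
    for pre in (True, False):
        sent = on_wire(1500, 1500, pre)
        kept = survives_fragment_dropping_hop(sent)
        print(f"pre_fragment={pre}: sent={sent} delivered={kept}")
```
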
Firewall Mode: Routed, Transparent
Security Context: Single, Multiple (Context, System)
——