Cisco Systems OL-16647-01 Network Router User Manual


20-11
Cisco ASDM User Guide
OL-16647-01
Chapter 20 Configuring Access Rules and EtherType Rules
Configuring Access Rules
Remove—Removes the selected criteria.
Define New Criteria—This area lets you define new criteria to add to the match criteria.
  Field—Choose a type of criteria, including Interface, Source, Destination, Service, Action, or another Rule Query to be nested in this rule query.
  Value—Enter a value to search on. For the Interface type, this field becomes a drop-down list so you can choose an interface name. For the Action type, the drop-down list includes Permit and Deny. For the Rule Query type, the drop-down list includes all defined rule queries. The Source and Destination types accept an IP address. You can type one manually, or browse for one by clicking the ... button and launching the Browse Address dialog box. The Service type accepts a TCP, UDP, TCP-UDP, ICMP, or IP protocol type. You can type one manually, or browse for one by clicking the ... button and launching the Browse Service Groups dialog box.
  Add—Adds the criteria to the Match Criteria table.
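
A rule query is a practical way to review a rule table, for example to list every permit rule on an interface that reaches a given host. The following Python sketch is an added example, not ASDM code: it models rules with the fields of the Add/Edit Access Rule dialog box and applies the criteria types listed above, including a nested rule query. It assumes that all criteria in a query must match and that an address matches when the rule's network contains it; the names AccessRule, matches, run_query and the sample data are hypothetical.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class AccessRule:
    # Fields mirror the Add/Edit Access Rule dialog box.
    interface: str
    action: str        # "permit" or "deny"
    source: str        # IP address, network in CIDR form, or "any"
    destination: str
    service: str       # "tcp", "udp", "tcp-udp", "icmp" or "ip"

def _covers(rule_value, wanted):
    """True if the rule's address field covers the address searched for."""
    if rule_value == "any":
        return True
    return ipaddress.ip_address(wanted) in ipaddress.ip_network(rule_value, strict=False)

def matches(rule, query, queries):
    """Assumption: every criterion in a query must match (logical AND)."""
    for field, value in query:
        if field == "rule_query":          # nested query, looked up by name
            ok = matches(rule, queries[value], queries)
        elif field in ("source", "destination"):
            ok = _covers(getattr(rule, field), value)
        else:                              # interface, service, action: exact match
            ok = getattr(rule, field).lower() == value.lower()
        if not ok:
            return False
    return True

def run_query(rules, name, queries):
    return [r for r in rules if matches(r, queries[name], queries)]

# Constructed sample rule table (documentation address ranges).
RULES = [
    AccessRule("outside", "permit", "any", "192.0.2.10", "tcp"),
    AccessRule("outside", "deny", "198.51.100.0/24", "192.0.2.10", "ip"),
    AccessRule("inside", "permit", "10.1.0.0/16", "any", "udp"),
    AccessRule("outside", "permit", "203.0.113.7", "192.0.2.20", "tcp"),
]
QUERIES = {
    "outside-permits": [("interface", "outside"), ("action", "permit")],
    # Nests the query above and narrows it to one destination host.
    "exposed-web-host": [("rule_query", "outside-permits"),
                         ("destination", "192.0.2.10")],
}

if __name__ == "__main__":
    for rule in run_query(RULES, "exposed-web-host", QUERIES):
        print(rule)
```

On the sample table, the nested query returns only the rule that permits any source to reach 192.0.2.10 on the outside interface, which is the kind of broad entry a rule review is meant to surface.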
Modes
The following table shows the modes in which this feature is available:
Add/Edit Access Rule
The Add/Edit Rule dialog box lets you create a new rule, or modify an existing rule.
For more information about access rules, see the “Information About Access Rules and EtherType
Rules” section on page 20-1.
Fields
Interface—Specifies the interface to which the rule applies.
Action—Determines the action type of the new rule. Select either permit or deny.
  Permit—Permits all matching traffic.
  Deny—Denies all matching traffic.
Source—Specifies the IP address, network object group, interface IP, or any, from which traffic is permitted or denied to the destination specified in the Destination field.
  ...—Lets you select, add, edit, delete, or find an existing IP address object, IP name, network object group, or all.
Destination—Specifies the IP address, network object group, interface IP, or any, to which traffic is permitted or denied from the source specified in the Source Type field.
  ...—Lets you select, add, edit, delete, or find an existing IP address object, IP name, network object group, or all.
Service—Choose this option to specify a port number, a range of ports, or a well-known service name or group from a list of services.
  ...—Lets you select, add, edit, delete, or find an existing service from a preconfigured list.
Modes table columns: Firewall Mode (Routed, Transparent); Security Context (Single, Multiple: Context, System)