Filter
Top Products
34-15
Cisco ASDM User Guide
OL-16647-01
Chapter 34 IKE
IPsec
–
Destination—Specify the IP address, network object group or interface IP address for the
source or destination host or network. A rule cannot use the same address as both the source and
destination. Click ... for either of these fields to launch the Browse dialogs that contain the
following fields:
–
Name—Selects the interface name to use as the source or destination host or network. This
parameter appears when you select the Name option button. This is the only parameter
associated with this option.
–
Interface—Selects the interface name for the IP address. This parameter appears when you
select the Group option button.
–
Group—Selects the name of the group on the specified interface for the source or destination
host or network. If the list contains no entries, you can enter the name of an existing group. This
parameter appears when you select the Group option button.
• Protocol and Service—Specifies protocol and service parameters relevant to this rule.
Note “Any - any” IPsec rules are not allowed. This type of rule would prevent the device and its peer
from supporting multiple LAN -to-LAN tunnels.
–
TCP—Specifies that this rule applies to TCP connections. This selection also displays the
Source Port and Destination Port group boxes.
–
UDP—Specifies that this rule applies to UDP connections. This selection also displays the
Source Port and Destination Port group boxes.
–
ICMP—Specifies that this rule applies to ICMP connections. This selection also displays the
ICMP Type group box.
–
IP—Specifies that this rule applies to IP connections. This selection also displays the IP
Protocol group box.
–
Manage Service Groups—Displays the Manage Service Groups panel, on which you can add,
edit, or delete a group of TCP/UDP services/ports.
–
Source Port and Destination Port —Contains TCP or UDP port parameters, depending on
which option button you selected in the Protocol and Service group box.
–
Service—Indicates that you are specifying parameters for an individual service. Specifies the
name of the service and a boolean operator to use when applying the filter.
–
Boolean operator (unlabeled)—Lists the boolean conditions (equal, not equal, greater than,
less than, or range) to use in matching the service specified in the service box.
–
Service (unlabeled)—Identifies the service (such as https, kerberos, or any) to be matched. If
you specified the range service operator this parameter becomes two boxes, into which you
enter the start and the end of the range.
–
... —Displays a list of services from which you can select the service to display in the Service
box.
–
Service Group—Indicates that you are specifying the name of a service group for the source
port.
–
Service (unlabeled)—Selects the service group to use.
–
ICMP Type—Specifies the ICMP type to use. The default is any. Click the ... button to display
a list of available types.
• Options