Cisco ASDM User Guide
OL-16647-01
Chapter 35 General
ACL Manager
Extended ACL
This pane provides summary information about extended ACLs, and lets you add or edit ACLs and ACEs.
Fields
Add—Lets you add a new ACL. When you highlight an existing ACL, it lets you add a new ACE for that ACL.
Edit—Opens the Edit ACE dialog box, on which you can change an existing access control list rule.
Delete—Removes an ACL or ACE. There is no confirmation or undo.
Move Up/Move Down—Changes the position of a rule in the ACL Manager table.
Cut—Removes the selection from the ACL Manager table and places it on the clipboard.
Copy—Places a copy of the selection on the clipboard.
Paste—Opens the Paste ACE dialog box, on which you can create a new ACL rule from an existing rule.
No—Indicates the order of evaluation for the rule. The first rule that matches a packet decides the action, so a rule's position in the table matters. Implicit rules are not numbered, but are represented by a hyphen.
Enabled—Enables or disables a rule. Implicit rules cannot be disabled.
Source—Specifies the IP addresses (Host/Network) that are permitted or denied to send traffic to the IP addresses listed in the Destination column. In detail mode (see the Show Detail radio button), an address column might contain an interface name with the word any, such as inside: any. This means that any host on the inside interface is affected by the rule.
Destination—Specifies the IP addresses (Host/Network) to which the addresses listed in the Source column are permitted or denied to send traffic. An address column might contain an interface name with the word any, such as outside: any. This means that any host on the outside interface is affected by the rule. An address column might also contain IP addresses, for example 209.165.201.1-209.165.201.30. These addresses are translated addresses. When an inside host makes a connection to an outside host, the firewall maps the address of the inside host to an address from the pool. After a host creates an outbound connection, the firewall maintains this address mapping. The address mapping structure is called an xlate, and remains in memory for a period of time. During this time, outside hosts can initiate connections to the inside host using the translated address from the pool, if allowed by the ACL. Because the rule is matched against the translated address, a permit that covers the whole dynamic pool range exposes whichever inside host currently holds an xlate for the matched address, so inbound rules should normally target static translations only. Normally, outside-to-inside connections require a static translation so that the inside host always uses the same IP address.
Service—Names the service and protocol specified by the rule.
Action—Specifies whether this filter permits or denies traffic flow.
Logging—Shows the logging level and the interval in seconds between log messages (if you enable logging for the ACL). To set logging options, including enabling and disabling logging, right-click this column, and choose Edit Log Option. The Log Options window appears.
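The columns above describe a rule table that the security appliance walks top to bottom, stopping at the first match and ending in an implicit deny. The following Python model is an added example, not Cisco code and not what ASDM sends to the device: each Ace carries the pane's Enabled, Source, Destination, Service, Action and Logging fields, evaluate() applies first-match order with the implicit deny reported as "-" like the No column, move_up() mirrors the Move Up button, and to_cli() renders the ACE in the documented ASA extended access-list syntax. The names Ace, evaluate, move_up and to_cli, the ACL name outside_in, and the sample rules and packets are all constructed for this example; the destinations are translated addresses in the 209.165.201.0/27 range used in the text.

```python
"""First-match evaluation of an extended ACL as listed in the ASDM ACL Manager.

Added example, not Cisco code. Each Ace mirrors the pane's columns; the No
column is simply the row position, and the implicit deny is row "-".
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass
class Ace:
    source: str                      # Source: "any" or an address/CIDR
    destination: str                 # Destination: same forms
    protocol: str = "ip"             # Service: ip | tcp | udp | icmp
    dport: Optional[int] = None      # Service: destination port (tcp/udp)
    action: str = "permit"           # Action: permit | deny
    enabled: bool = True             # Enabled: a disabled ACE never matches
    log_level: Optional[str] = None  # Logging: syslog level, None = off
    log_interval: int = 300          # Logging: seconds between repeats

    def matches(self, src: str, dst: str, proto: str, dport: Optional[int]) -> bool:
        if not self.enabled:
            return False
        if self.protocol != "ip" and self.protocol != proto:
            return False
        if self.dport is not None and self.dport != dport:
            return False
        return _addr_in(src, self.source) and _addr_in(dst, self.destination)


def _addr_in(addr: str, spec: str) -> bool:
    return spec == "any" or ip_address(addr) in ip_network(spec, strict=False)


def _cli_addr(spec: str) -> str:
    """Render an address the way ASA extended ACL syntax writes it."""
    if spec == "any":
        return "any"
    net = ip_network(spec, strict=False)
    if net.prefixlen == 32:
        return f"host {net.network_address}"
    return f"{net.network_address} {net.netmask}"


def to_cli(name: str, ace: Ace) -> str:
    """ASA 'access-list ... extended' line for one ACE (this example's own
    rendering of the documented syntax, not ASDM's command generator)."""
    parts = ["access-list", name, "extended", ace.action, ace.protocol,
             _cli_addr(ace.source), _cli_addr(ace.destination)]
    if ace.dport is not None:
        parts += ["eq", str(ace.dport)]
    if ace.log_level is not None:
        parts += ["log", ace.log_level, "interval", str(ace.log_interval)]
    if not ace.enabled:
        parts.append("inactive")
    return " ".join(parts)


def evaluate(acl: List[Ace], src: str, dst: str, proto: str,
             dport: Optional[int] = None) -> Tuple[str, str]:
    """First matching ACE wins, in table order. Returns (No, Action); a packet
    that matches nothing hits the implicit deny, numbered "-" as in the pane."""
    for no, ace in enumerate(acl, start=1):
        if ace.matches(src, dst, proto, dport):
            return (str(no), ace.action)
    return ("-", "deny")


def move_up(acl: List[Ace], no: int) -> List[Ace]:
    """Same effect as the Move Up button on row `no` (1-based); returns a new list."""
    if no < 2 or no > len(acl):
        return list(acl)
    out = list(acl)
    out[no - 2], out[no - 1] = out[no - 1], out[no - 2]
    return out


# Constructed sample: an ACL applied inbound on the outside interface, whose
# destinations are translated (mapped) addresses in 209.165.201.0/27.
OUTSIDE_IN = [
    Ace("any", "209.165.201.5", "tcp", 443, "permit", log_level="informational"),
    Ace("192.0.2.0/24", "209.165.201.0/27", "ip", None, "deny",
        log_level="warnings", log_interval=60),
    Ace("any", "209.165.201.0/27", "tcp", 22, "permit", enabled=False),
]

if __name__ == "__main__":
    for ace in OUTSIDE_IN:
        print(to_cli("outside_in", ace))
    # Row 2 is meant to block 192.0.2.0/24, but row 1 is evaluated first:
    print(evaluate(OUTSIDE_IN, "192.0.2.9", "209.165.201.5", "tcp", 443))
    print(evaluate(move_up(OUTSIDE_IN, 2), "192.0.2.9", "209.165.201.5", "tcp", 443))
    # Row 3 is disabled, so SSH falls through to the implicit deny:
    print(evaluate(OUTSIDE_IN, "198.51.100.7", "209.165.201.6", "tcp", 22))
```

The second sample rule shows the pitfall the Move Up/Move Down buttons exist for: a broad permit placed above a narrower deny makes the deny unreachable for the traffic the permit already covers, and the disabled third rule shows that a rule switched off in the Enabled column is skipped rather than turned into a deny.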
Modes table (support marks did not survive extraction; "—" means not supported):
Firewall Mode          Security Context
Routed  Transparent    Single  Multiple Context  Multiple System
—