35-16
Cisco ASDM User Guide
OL-16647-01
Chapter 35 General
ACL Manager
Time—Specifies the name of the time range to be applied in this rule.
Description—Shows the description you typed when you added the rule. An implicit rule includes the following description: “Implicit outbound rule.”
Modes
The following table shows the modes in which this feature is available:
Add/Edit/Paste ACE
The Add/Edit/Paste ACE dialog box lets you create a new extended access list rule, or modify an existing
rule. The Paste option becomes available only when you cut or copy a rule.
Fields
Action—Determines the action type of the new rule. Select either permit or deny.
    Permit—Permits all matching traffic.
    Deny—Denies all matching traffic.
Source/Destination—Specifies the source or destination type and, depending on that type, the other relevant parameters describing the source or destination host/network IP address. Possible values are: any, IP Address, Network Object Group, and Interface IP. The availability of subsequent fields depends upon the value of the Type field:
    any—Specifies that the source or destination host/network can be any type. For this value of the Type field, there are no additional fields in the Source or Destination area.
    IP Address—Specifies the source or destination host or network IP address. With this selection, the IP Address, ellipsis button, and Netmask fields become available. Select an IP address or host name from the drop-down list in the IP Address field or click the ellipsis (...) button to browse for an IP address or name. Select a network mask from the drop-down list.
    Network Object Group—Specifies the name of the network object group. Select a name from the drop-down list or click the ellipsis (...) button to browse for a network object group name.
    Interface IP—Specifies the interface on which the host or network resides. Select an interface from the drop-down list. The default values are inside and outside. There is no browse function.
Protocol and Service—Specifies the protocol and service to which this ACE filter applies. Service groups let you identify multiple non-contiguous port numbers that you want the ACL to match. For example, if you want to filter HTTP, FTP, and port numbers 5, 8, and 9, define a service group that includes all these ports. Without service groups, you would have to create a separate rule for each port.
You can create service groups for TCP, UDP, TCP-UDP, ICMP, and other protocols. A service group with the TCP-UDP protocol contains services, ports, and ranges that might use either the TCP or UDP protocol.
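As an added example (not taken from the guide), this is the ASA CLI configuration that the dialog fields above correspond to: one service group covering the HTTP, FTP, 5, 8 and 9 example, a network object group for the destination, a time range, and the extended ACE that ties them together. The object names, interface name and 192.0.2.10 address are made up for illustration.

```text
! Service group: HTTP, FTP and the non-contiguous ports 5, 8 and 9
! (one ACE can reference it instead of five separate rules)
object-group service WEB-FTP-MISC tcp
 port-object eq www
 port-object eq ftp
 port-object eq 5
 port-object eq 8
 port-object eq 9
!
! Destination selected as "Network Object Group" in the dialog
object-group network DMZ-WEB-SERVERS
 network-object host 192.0.2.10
!
! Value for the "Time" field: rule only active on weekdays, 08:00-18:00
time-range BUSINESS-HOURS
 periodic weekdays 8:00 to 18:00
!
! Action = permit, Source = any, Destination = object group,
! Protocol and Service = the TCP service group, plus the time range
access-list OUTSIDE_IN extended permit tcp any object-group DMZ-WEB-SERVERS object-group WEB-FTP-MISC time-range BUSINESS-HOURS
! Explicit deny at the end makes the implicit deny visible in hit counts
access-list OUTSIDE_IN extended deny ip any any
!
access-group OUTSIDE_IN in interface outside
```

Use `show access-list OUTSIDE_IN` on the appliance to see the ACE expanded per port and its hit counts, which is the quickest way to confirm the group matched what the dialog intended.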
Firewall Mode         | Security Context
Routed | Transparent  | Single | Multiple Context | System
——