Cisco Clean Access 3.5

Cisco Clean Access Manager Installation and Administration Guide
OL-7044-01
Chapter 8 User Management: Traffic Control, Bandwidth, Schedule
Add Global IP-Based Traffic Policies
  – AH (51)—Authentication Header, an IPSec subprotocol used to compute a cryptographic checksum to guarantee the authenticity of the IP header and packet.
  – CUSTOM:—To specify a different protocol number than the protocols listed in the dropdown menu, select CUSTOM.
9. In the Untrusted (IP/Mask:Port) field, specify the IP address and subnet mask of the untrusted network to which the policy applies. An asterisk in the IP/Mask fields means the policy applies for any address/application. If you chose TCP or UDP as the Protocol, also select the TCP/UDP application from the Port (CUSTOM) dropdown menu. Note that the protocol port number is automatically populated by default.
10. In the Trusted (IP/Mask:Port) field, specify the IP address and subnet mask of the trusted network to which the policy applies. An asterisk in the IP/Mask fields means the policy applies for any address/application. If you chose TCP or UDP as the Protocol, also select the TCP/UDP application from the Port (CUSTOM) dropdown menu.
Note: The traffic direction you select for viewing the list of policies (Untrusted -> Trusted or Trusted -> Untrusted) sets the source and destination when you open the Add Policy form:
  • The first IP/Mask/Port entry listed is the source.
  • The second IP/Mask/Port entry listed is the destination.
11. Optionally, type a description of the policy in the Description field.
12. Click Add Policy when finished. If modifying a policy, click the Update Policy button.
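The field-to-packet mapping from steps 9 and 10 and the Note, as an added example that is not from the Cisco guide or the product's code. The `Endpoint` and `Policy` classes, the matching logic (including treating the port on the source side as the source port) and the sample addresses are assumptions made for illustration; it models only which packets a policy's fields select, not the action applied to them.

```python
import ipaddress
from dataclasses import dataclass

ANY = "*"  # asterisk wildcard from steps 9 and 10

@dataclass(frozen=True)
class Endpoint:
    """One IP/Mask:Port entry; "*" means any address or any port."""
    net: str = ANY    # "IP/Mask", e.g. "10.1.1.0/255.255.255.0"
    port: str = ANY   # only meaningful for TCP (6) and UDP (17)

    def matches(self, addr, port):
        if self.net != ANY:
            network = ipaddress.ip_network(self.net, strict=False)
            if ipaddress.ip_address(addr) not in network:
                return False
        return self.port == ANY or (port is not None and int(self.port) == port)

@dataclass(frozen=True)
class Policy:
    direction: str        # "untrusted->trusted" or "trusted->untrusted"
    protocol: int         # IP protocol number: 6 TCP, 17 UDP, 51 AH, or custom
    untrusted: Endpoint
    trusted: Endpoint

    def source_dest(self):
        # Per the Note: the side the direction starts from is listed first
        # in the form and is therefore the source.
        if self.direction == "untrusted->trusted":
            return self.untrusted, self.trusted
        return self.trusted, self.untrusted

    def matches(self, protocol, src, sport, dst, dport):
        source, dest = self.source_dest()
        return (protocol == self.protocol
                and source.matches(src, sport)
                and dest.matches(dst, dport))

# Constructed sample: the same field values entered under each direction.
WEB = Endpoint("10.1.1.0/255.255.255.0", "443")
INBOUND = Policy("untrusted->trusted", 6, untrusted=Endpoint(), trusted=WEB)
OUTBOUND = Policy("trusted->untrusted", 6, untrusted=Endpoint(), trusted=WEB)

if __name__ == "__main__":
    request = (6, "192.168.5.9", 50000, "10.1.1.20", 443)
    reply = (6, "10.1.1.20", 443, "192.168.5.9", 50000)
    for name, pol in (("INBOUND", INBOUND), ("OUTBOUND", OUTBOUND)):
        print(name, pol.matches(*request), pol.matches(*reply))
```

With identical Untrusted and Trusted field values, the direction alone decides whether the policy selects the client's request or the server's reply, which is worth checking when reviewing a role's policy list in both views.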
Edit IP-Based Policy
1. Go to User Management > User Roles > Traffic Control > IP.
2. Click the Edit button for the role policies you want to edit ( ).
Figure 8-4 Edit IP Policy
3. The Edit Policy form for the role appears (