Cisco Systems ASA 5585-X User Manual

Cisco ASA Series Firewall CLI Configuration Guide
 
Chapter 6: Configuring Access Rules
Information About Access Rules
General Information About Rules
This section describes information for both access rules and EtherType rules, and it includes the 
following topics:
Implicit Permits
For routed mode, the following types of traffic are allowed through by default:
• Unicast IPv4 traffic from a higher security interface to a lower security interface.
• Unicast IPv6 traffic from a higher security interface to a lower security interface.
For transparent mode, the following types of traffic are allowed through by default:
• Unicast IPv4 traffic from a higher security interface to a lower security interface.
• Unicast IPv6 traffic from a higher security interface to a lower security interface.
• ARPs in both directions.
  Note: ARP traffic can be controlled by ARP inspection, but cannot be controlled by an access rule.
• BPDUs in both directions.
For other traffic, you need to use either an extended access rule (IPv4 and IPv6) or an EtherType rule (non-IPv4/IPv6).
Information About Interface Access Rules and Global Access Rules 
You can apply an access rule to a specific interface, or you can apply an access rule globally to all 
interfaces. You can configure global access rules in conjunction with interface access rules, in which 
case, the specific interface access rules are always processed before the general global access rules.
Note
Global access rules apply only to inbound traffic. See the 
.
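The processing order described above, written out as an ASA CLI configuration. This is an added example, not taken from the Cisco guide; the ACL names, the interface name "outside" and the addresses (documentation ranges) are assumptions.

```cisco
! Constructed example. OUTSIDE_IN, GLOBAL_ACL, the interface name and
! all addresses are placeholders chosen for illustration.
!
! Interface access rule: bound inbound to one interface.
access-list OUTSIDE_IN extended permit tcp any host 192.0.2.10 eq www
access-group OUTSIDE_IN in interface outside
!
! Global access rule: one ACL for all interfaces, inbound traffic only.
access-list GLOBAL_ACL extended deny ip any host 198.51.100.25
access-list GLOBAL_ACL extended permit icmp any any echo
access-group GLOBAL_ACL global
!
! How traffic entering "outside" is evaluated with both in place:
!   1. TCP/80 to 192.0.2.10  -> matches OUTSIDE_IN and is permitted there;
!      the interface rule is processed first, so GLOBAL_ACL does not
!      decide this flow.
!   2. Any IP to 198.51.100.25 -> no line in OUTSIDE_IN matches, so the
!      packet is then checked against GLOBAL_ACL and denied by its
!      first line.
!   3. ICMP echo to any host   -> no line in OUTSIDE_IN matches, then
!      permitted by the second line of GLOBAL_ACL.
!
! Traffic entering an interface that has no interface access rule is
! checked against GLOBAL_ACL directly.
!
! Verification: "show access-list" lists each line with its hit count
! (hitcnt), which shows whether a flow was decided by the interface
! ACL or by the global ACL.
show access-list OUTSIDE_IN
show access-list GLOBAL_ACL
```

When auditing a configuration, read the interface ACL for the ingress interface first and the global ACL second, because a permit in the interface ACL takes effect before a deny for the same flow in the global ACL is ever consulted.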
Using Access Rules and EtherType Rules on the Same Interface
You can apply one access rule and one EtherType rule to each direction of an interface.