Cisco Systems ASA Services Module User Manual

Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 7      Configuring Access Rules
  Guidelines and Limitations
Step 5
In the Action field, click one of the following radio buttons next to the desired action:
Permit—Permits access if the conditions are matched.
Deny—Denies access if the conditions are matched.
Step 6
In the EtherType field, choose an EtherType value from the drop-down list.
Step 7
(Optional) In the Description field, add a text description of the rule.
The description can contain multiple lines; however, each line can be no more than 100 characters in length.
Step 8
(Optional) To specify the direction for this rule, click More Options to expand the list, and then specify the direction by clicking one of the following radio buttons:
In—Incoming traffic
Out—Outgoing traffic
Step 9
Click OK.
Configuring Management Access Rules   
You can configure an interface ACL that supports access control for to-the-box management traffic from 
a specific peer (or set of peers) to the security appliance. One scenario in which this type of ACL would 
be useful is when you want to block IKE Denial of Service attacks.
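The IKE scenario above, expressed in the ASA CLI rather than ASDM. This is an added example, not part of the original guide; the ACL name CP-IN, the interface name outside and the peer address 192.0.2.50 are assumed sample values.

```cisco
! Added example: CP-IN, outside and 192.0.2.50 are assumed sample values.
! Deny IKE (UDP port 500, keyword isakmp) from one peer to the appliance itself.
access-list CP-IN extended deny udp host 192.0.2.50 any eq isakmp
! The control-plane keyword binds the ACL to to-the-box traffic arriving on the
! interface, instead of to traffic passing through the appliance.
access-group CP-IN in interface outside control-plane
! Confirm the binding, then watch the hit counter on the deny entry.
show running-config access-group
show access-list CP-IN
```

A rising hit count on the deny entry in the `show access-list` output confirms that the peer's IKE packets are being dropped by the management access rule.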
To configure an extended ACL that permits or denies packets for to-the-box traffic, perform the 
following steps:
Step 1
Choose Configuration > Device Management > Management Access > Management Access Rules.
Step 2
Click Add, and choose one of the following actions:
The Add Management Access Rule dialog box appears.
Step 3
From the Interface drop-down list, choose an interface on which to apply the rule. Choose Any to apply 
a global rule.
Step 4
In the Action field, click one of the following radio buttons to choose the action:
Permit—Permits access if the conditions are matched.
Deny—Denies access if the conditions are matched.
Step 5
In the Source field, enter an IP address that specifies the network object group, interface IP, or any 
address from which traffic is permitted or denied. You may use either an IPv4 or IPv6 address. 
Note
IPv6 must be enabled on at least one interface before you can configure an extended ACL with 
an IPv6 address. For more information about enabling IPv6 on an interface, see the 
 in the general operations configuration guide.
Step 6
In the Service field, add a service name for rule traffic, or click the ellipsis (...) to browse for a service.
Step 7
(Optional) In the Description field, add a description for this management access rule.
The description can contain multiple lines; however, each line can be no more than 100 characters in length.