Configuring access rules, Information about access rules, C h a p t e r – Cisco ASA 5505 User Manual
Page 671: Chapter 34, “configuring access rules, Chapter 34
C H A P T E R
34-1
Cisco ASA 5500 Series Configuration Guide using the CLI
34
Configuring Access Rules
This chapter describes how to control network access through the ASA using access rules and includes
the following sections:
•
Information About Access Rules, page 34-1
•
Licensing Requirements for Access Rules, page 34-6
•
•
Guidelines and Limitations, page 34-7
•
•
Configuring Access Rules, page 34-7
•
Monitoring Access Rules, page 34-8
•
Configuration Examples for Permitting or Denying Network Access, page 34-9
•
Feature History for Access Rules, page 34-10
Note
You use access rules to control network access in both routed and transparent firewall modes. In
transparent mode, you can use both access rules (for Layer 3 traffic) and EtherType rules (for Layer 2
traffic).
To access the ASA interface for management access, you do not also need an access rule allowing the
host IP address. You only need to configure management access according to
Information About Access Rules
You create an access rule by applying an extended or EtherType access list to an interface or globally for
all interfaces.You can use access rules in routed and transparent firewall mode to control IP traffic. An
access rule permits or denies traffic based on the protocol, a source and destination IP address or
network, and optionally the source and destination ports.
For transparent mode only, an EtherType rule controls network access for non-IP traffic. An EtherType
rule permits or denies traffic based on the EtherType.
This section includes the following topics:
•
General Information About Rules, page 34-2
•