CHAPT ER
34-1
Cisco ASA 5500 Series Configuration Guide using the CLI
34
Configuring Access Rules
This chapter describes how to control network access through the ASA using access rules and includes
the following sections:
Information About Access Rules, page34-1
Licensing Requirements for Access Rules, page 34-6
Prerequisites, page 34-7
Guidelines and Limitations, page34-7
Default Settings, page34-7
Configuring Access Rules, page34-7
Monitoring Access Rules, page 34-8
Configuration Examples for Permitting or Denying Network Access, page34-9
Feature History for Access Rules, page 34-10
Note You use access rules to control network access in both routed and transparent firewall modes. In
transparent mode, you can use both access rules (for Layer 3 traffic) and EtherType rules (for Layer 2
traffic).
To access the ASA interface for management access, you do not also need an access rule allowing the
host IP address. You only need to configure management access according to Chapter37, “Configuring
Management Access.”

Information About Access Rules

You create an access rule by applying an extended or EtherType access list to an interface or globally for
all interfaces.You can use access rules in routed and transparent firewall mode to control IP traffic. An
access rule permits or denies traffic based on the protocol, a source and destination IPaddress or
network, and optionally the source and destination ports.
For transparent mode only, an EtherType rule controls network access for non-IP traffic. An EtherType
rule permits or denies traffic based on the EtherType.
This section includes the following topics:
General Information About Rules, page 34-2
Information About Extended Access Rules, page 34-4