Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 34 Configuring Access Rules
Prerequisites
Before you can create an access rule, create the access list. See Chapter 15, “Adding an Extended Access
List,” and Chapter 16, “Adding an EtherType Access List,” for more information.
Guidelines and Limitations
This section includes the guidelines and limitations for this feature.
Context Mode Guidelines
Supported in single and multiple context mode.
Firewall Mode Guidelines
Supported in routed and transparent firewall modes.
IPv6 Guidelines
Supports IPv6.
Per-User Access List Guidelines
If there is no per-user access list associated with a packet, the interface access rule is applied.
The per-user access list uses the value in the timeout uauth command, but it can be overridden by
the AAA per-user session timeout value.
If traffic is denied because of a per-user access list, syslog message 109025 is logged. If traffic is
permitted, no syslog message is generated. The log option in the per-user access list has no effect.
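Because only denies produce a message, 109025 is the one per-user access list signal a log pipeline can collect. The following Python is an added example, not part of the Cisco guide: it assumes the 109025 message layout given in Cisco's syslog message reference (the layout is not shown on this page), and the log lines, host name, user names and access list names are constructed.

```python
import re
from collections import defaultdict

# Assumed 109025 layout (from Cisco's syslog reference, not from this page):
# %ASA-4-109025: Authorization denied (acl=ACL) for user 'USER'
#   from SRC/SPORT to DST/DPORT on interface IFC using PROTO
DENY_RE = re.compile(
    r"%ASA-\d-109025: Authorization denied \(acl=(?P<acl>[^)]*)\) "
    r"for user '(?P<user>[^']*)' from (?P<src>\S+)/(?P<sport>\d+) "
    r"to (?P<dst>\S+)/(?P<dport>\d+) on interface (?P<ifc>\S+) using (?P<proto>\S+)"
)

# Constructed sample input: three per-user denies (one IPv6) and one unrelated line.
SAMPLE_LOG = """\
Mar 03 10:15:01 fw1 %ASA-4-109025: Authorization denied (acl=example-acl-alice) for user 'alice' from 10.1.1.20/51514 to 192.0.2.10/22 on interface inside using TCP
Mar 03 10:15:04 fw1 %ASA-4-109025: Authorization denied (acl=example-acl-alice) for user 'alice' from 10.1.1.20/51520 to 192.0.2.10/3389 on interface inside using TCP
Mar 03 10:15:09 fw1 constructed line that is not message 109025
Mar 03 10:16:30 fw1 %ASA-4-109025: Authorization denied (acl=example-acl-bob) for user 'bob' from 2001:db8::20/40000 to 2001:db8:1::5/53 on interface inside using UDP
"""

def parse_denies(lines):
    """Return one dict per 109025 line; every other line is skipped."""
    events = []
    for line in lines:
        m = DENY_RE.search(line)
        if m:
            event = m.groupdict()
            event["sport"] = int(event["sport"])
            event["dport"] = int(event["dport"])
            events.append(event)
    return events

def denied_targets_by_user(events):
    """Map (user, acl) to the sorted, distinct (dst, dport, proto) tuples denied."""
    targets = defaultdict(set)
    for e in events:
        targets[(e["user"], e["acl"])].add((e["dst"], e["dport"], e["proto"]))
    return {key: sorted(value) for key, value in targets.items()}

if __name__ == "__main__":
    report = denied_targets_by_user(parse_denies(SAMPLE_LOG.splitlines()))
    for (user, acl), hits in report.items():
        print(f"{user} ({acl}): {len(hits)} distinct denied targets -> {hits}")
```

A user who is absent from this report was not necessarily idle: traffic the per-user access list permitted leaves no 109025 record, so permitted activity has to be reconstructed from other log sources.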
Default Settings
See the “Implicit Permits” section on page 34-2.
Configuring Access Rules
To apply an access rule, perform the following steps.