Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 68 Configuring IKE, Load Balancing, and NAC
Configuring IPsec
Filter—Enter an IP Address to filter the results displayed.
Name—Indicates that the parameters that follow specify the name of the destination host or
network.
IP Address—Indicates that the parameters that follow specify the interface, IP address, and
subnet mask of the destination host or network.
Netmask—Chooses a standard subnet mask to apply to the IP address. This parameter appears
when you choose the IP Address option button.
Description—Enter a description.
Selected Destination—Click Destination to include the selected entry as a destination.
Service—Enter a service or click ... to launch the browse service dialog box where you can choose
from a list of services.
Description—Enter a description for the Traffic Selection entry.
More Options
Enable Rule—Click to enable this rule.
Source Service—Enter a service or click ... to launch the browse service dialog box where you
can choose from a list of services.
Time Range—Define a time range for which this rule applies.
Group—Indicates that the parameters that follow specify the interface and group name of the
source host or network.
Interface—Choose the interface name for the IP address. This parameter appears when you
choose the IP Address option button.
IP address—Specifies the IP address of the interface to which this policy applies. This
parameter appears when you choose the IP Address option button.
Destination—Specify the IP address, network object group, or interface IP address for the source
or destination host or network. A rule cannot use the same address as both the source and
destination. Click ... for either of these fields to launch the Browse dialog box, which contains the
following fields:
Name—Choose the interface name to use as the source or destination host or network. This
parameter appears when you choose the Name option button. This is the only parameter
associated with this option.
Interface—Choose the interface name for the IP address. This parameter appears when you
choose the Group option button.
Group—Choose the name of the group on the specified interface for the source or destination
host or network. If the list contains no entries, you can enter the name of an existing group. This
parameter appears when you choose the Group option button.
Protocol and Service—Specifies protocol and service parameters relevant to this rule.
Note: “Any - any” IPsec rules are not allowed. This type of rule would prevent the device and its peer
from supporting multiple LAN-to-LAN tunnels.
TCP—Specifies that this rule applies to TCP connections. This selection also displays the
Source Port and Destination Port group boxes.
UDP—Specifies that this rule applies to UDP connections. This selection also displays the
Source Port and Destination Port group boxes.
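
The following is an added example, not part of the Cisco guide: a small audit that checks an exported running configuration for the "Any - any" traffic-selection rules the note above prohibits. It assumes the rules appear in CLI form as "access-list ... extended permit" entries referenced by "crypto map ... match address"; the sample configuration, ACL names, and function names are constructed for illustration.

```python
import re

# Constructed sample of ASA running-config lines (not taken from the guide).
SAMPLE_CONFIG = """\
access-list vpn_site_a extended permit ip 10.1.0.0 255.255.0.0 10.2.0.0 255.255.0.0
access-list vpn_site_b extended permit ip any any
access-list vpn_site_c extended permit tcp any4 eq 443 any4
access-list inside_in extended permit ip any any
crypto map outside_map 10 match address vpn_site_a
crypto map outside_map 20 match address vpn_site_b
crypto map outside_map 30 match address vpn_site_c
"""

ANY = {"any", "any4", "any6"}
CRYPTO_RE = re.compile(r"^crypto map (\S+) (\d+) match address (\S+)$")
# Assumes a single-keyword protocol (ip, tcp, udp, ...) and IPv4 "addr mask" pairs.
ACL_RE = re.compile(r"^access-list (\S+) extended permit \S+ (.+)$")

def _take_addr(tok, i):
    """Consume one address spec at tok[i]; return (is_any, next_index)."""
    if i < len(tok) and tok[i] in ANY:
        return True, i + 1
    return False, i + 2  # host X / object X / object-group X / addr mask

def _skip_ports(tok, i):
    """Skip an optional source-port operator such as 'eq 443' or 'range 1 9'."""
    if i < len(tok) and tok[i] in ("eq", "lt", "gt", "neq"):
        return i + 2
    if i < len(tok) and tok[i] == "range":
        return i + 3
    return i

def find_any_any_crypto_rules(config):
    """Return (crypto_map, seq, acl_name) for each permit entry that a crypto
    map references and whose source and destination are both 'any'."""
    lines = [ln.strip() for ln in config.splitlines()]
    refs = {}  # ACL name -> [(crypto map name, sequence number)]
    for ln in lines:
        m = CRYPTO_RE.match(ln)
        if m:
            refs.setdefault(m.group(3), []).append((m.group(1), int(m.group(2))))
    findings = []
    for ln in lines:
        m = ACL_RE.match(ln)
        if not m or m.group(1) not in refs:
            continue
        tok = m.group(2).split()
        src_any, i = _take_addr(tok, 0)
        dst_any, _ = _take_addr(tok, _skip_ports(tok, i))
        if src_any and dst_any:
            findings.extend((cmap, seq, m.group(1)) for cmap, seq in refs[m.group(1)])
    return findings
```

Only ACLs bound to a crypto map are reported, so an any-any entry in an ordinary interface access list (inside_in in the sample) is not flagged.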