Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 36 Configuring a Service Policy
Adding a Service Policy Rule for Through Traffic
Specify the address and subnet mask using prefix/length notation, such as 10.1.1.0/24. If you
enter an IP address without a mask, it is considered to be a host address, even if it ends with a 0.
Enter any to specify any source address.
Separate multiple addresses by a comma.
c. In the Destination field, enter the destination IP address, or click the ... button to choose an IP
address that you already defined in ASDM.
Specify the address and subnet mask using prefix/length notation, such as 10.1.1.0/24. If you
enter an IP address without a mask, it is considered to be a host address, even if it ends with a 0.
Enter any to specify any destination address.
Separate multiple addresses by a comma.
d. In the Service field, enter an IP service name or number for the destination service, or click the
... button to choose a service.
If you want to specify a TCP or UDP port number, or an ICMP service number, enter
protocol/port. For example, enter TCP/8080.
By default, the service is IP.
Separate multiple services by a comma.
e. (Optional) Enter a description in the Description field.
f. (Optional) To specify a source service for TCP or UDP, expand the More Options area, and
enter a TCP or UDP service in the Source Service field.
The destination service and source service must be the same. Copy and paste the destination
Service field to the Source Service field.
g. (Optional) To make the rule inactive, expand the More Options area, and uncheck Enable
Rule.
This setting might be useful if you do not want to remove the rule, but want to turn it off.
h. (Optional) To set a time range for the rule, expand the More Options area, and from the Time
Range drop-down list, choose a time range.
To add a new time range, click the ... button. See the “Configuring Time Ranges” section on
page 20-15 for more information.
This setting might be useful if you only want the rule to be active at predefined times.
Tunnel Group—Choose a tunnel group from the Tunnel Group drop-down list, or click New to add
a new tunnel group. See the “Add or Edit an IPsec Remote Access Connection Profile” section on
page 69-77 for more information.
To police each flow, check Match flow destination IP address. All traffic going to a unique IP
destination address is considered a flow.
Destination Port—Click TCP or UDP.
In the Service field, enter a port number or name, or click ... to choose one already defined in ASDM.
RTP Range—Enter an RTP port range, between 2000 and 65534. The maximum number of ports in
the range is 16383.
IP DiffServ CodePoints (DSCP)—In the DSCP Value to Add area, choose a value from the Select
Named DSCP Values or enter a value in the Enter DSCP Value (0-63) field, and click Add.
Add additional values as desired, or remove them using the Remove button.
IP Precedence—From the Available IP Precedence area, choose a value and click Add.
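
The Source and Destination field rules above (comma-separated entries, prefix/length notation, a bare address treated as a host even if it ends with a 0) can be checked before a rule is entered. The following is an added example, not part of the Cisco guide or ASDM; the function names and sample value are constructed for illustration, and named ASDM objects are not handled.

```python
import ipaddress

def parse_address_field(field):
    """Parse a Source/Destination value into (token, network, warning) tuples.

    network is None for 'any'. Rules follow the guide text: entries are
    separated by commas, and an address without a mask is a host address.
    """
    parsed = []
    for raw in field.split(","):
        token = raw.strip()
        if not token:
            raise ValueError("empty entry in address list")
        if token.lower() == "any":
            parsed.append((token, None, None))
            continue
        # strict=False is this script's choice so host bits can be reported
        # instead of raising; it says nothing about how ASDM treats them.
        net = ipaddress.ip_network(token, strict=False)
        warning = None
        if "/" not in token:
            # No mask: a single host (/32 or /128), even if it ends with a 0.
            if net.version == 4 and token.endswith(".0"):
                warning = "no mask: matches one host, not a subnet"
        elif ipaddress.ip_address(token.split("/")[0]) != net.network_address:
            warning = "host bits set in prefix"
        parsed.append((token, net, warning))
    return parsed

def field_matches(field, address):
    """Return True if 'address' would fall inside any entry of the field."""
    addr = ipaddress.ip_address(address)
    for _, net, _ in parse_address_field(field):
        if net is None or (addr.version == net.version and addr in net):
            return True
    return False

def warnings_for(field):
    """Return (token, warning) pairs for entries that deserve a second look."""
    return [(tok, warn) for tok, _, warn in parse_address_field(field) if warn]

# Constructed sample: the first entry looks like a subnet but has no mask.
SAMPLE = "10.1.1.0, 192.168.5.0/24, 172.16.9.7"

if __name__ == "__main__":
    for tok, warn in warnings_for(SAMPLE):
        print(f"{tok}: {warn}")
    print("10.1.1.25 covered:", field_matches(SAMPLE, "10.1.1.25"))
```

With the sample value, traffic from 10.1.1.25 is not covered by the rule, because 10.1.1.0 without a mask matches only that one address.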