Cisco Systems ASA 5510, ASA 5512-X, ASA 5515-X, ASA 5520, ASA 5525-X, ASA 5540, ASA 5545-X, ASA 5550, ASA 5555-X, ASA 5580, ASA 5585-X, ASA 5505 Adding a Service Policy Rule for Management Traffic

36-12

Cisco ASA 5500 Series Configuration Guide using ASDM

Chapter36 Configuring a Service Policy

Adding a Service Policy Rule for Management Traffic

Add additional values as desired, or remove them using the Remove button.

Step7 Click Next.

The Add Service Policy Rule - Rule Actions dialog box appears.

Step8 Configure one or more rule actions. See the “Supported Features for Through Traffic” section on

page 36-1 for a list of features.

Step9 Click Finish.

Adding a Service Policy Rule for Management Traffic

You can create a service policy for traffic directed to the ASA for management purposes. See the

“Supported Features for Management Traffic” section on page36-2 for more information. This section

includes the following topics:

To add a service policy rule for management traffic, perform the following steps:

Step1 From the Configuration > Firewall > Service Policy Rules pane, click the down arrow next to Add.

Step2 Choose Add Management Service Policy Rule.

The Add Management Service Policy Rule Wizard - Service Policy dialog box appears.

Step3 In the Create a Service Policy and Apply To area, click one of the following options:

•Interface. This option applies the service policy to a single interface. Interface service policies take

precedence over the global service policy for a given feature. For example, if you have a global

policy with RADIUS accounting inspection, and an interface policy with connection limits, then

both RADIUS accounting and connection limits are applied to the interface. However, if you have

a global policy with RADIUS accounting, and an interface policy with RADIUS accounting, then

only the interface policy RADIUS accounting is applied to that interface.

a. Choose an interface from the drop-down list.

If you choose an interface that already has a policy, then the wizard lets you add a new service

policy rule to the interface.

b. If it is a new service policy, enter a name in the Policy Name field.

c. (Optional) Enter a description in the Description field.

•Global - applies to all interfaces. This option applies the service policy globally to all interfaces.

By default, a global policy exists that includes a service policy rule for default application

inspection. See the “Default Settings” section on page 36-6 for more information. You can add a rule

to the global policy using the wizard.

Step4 Click Next.

The Add Management Service Policy Rule Wizard - Traffic Classification Criteria dialog box appears.

Step5 Click one of the following options to specify the traffic to which to apply the policy actions:

•Create a new traffic class. Enter a traffic class name in the Create a new traffic class field, and enter

an optional description.

Cisco Systems Adding a Service Policy Rule for Management Traffic