Cisco Systems ASA 5510, ASA 5512-X, ASA 5515-X, ASA 5520, ASA 5525-X, ASA 5540, ASA 5545-X, ASA 5550, ASA 5555-X, ASA 5580, ASA 5585-X, ASA 5505 Adding an EtherType Rule (Transparent Mode Only)

37-8

Cisco ASA 5500 Series Configuration Guide using ASDM

Chapter37 Configuring Access Rules

Configuring Access Rules

Step7 To browse for a user name or user group, click the ellipsis (...) button. The Browse User dialog box

appears. See the Adding Users and Groups to Access Rules, page39-20 for information.

Step8 In the Destination field, enter an IP address that specifies the network, interface IP, any address to which

traffic is permitted or denied from the source specified in the Source field.

Step9 Select the service type.

Step10 (Optional) To add a time range to your access rule that specifies when traffic can be allowed or denied,

click More Options to expand the list.

a. To the right of the Time Range drop down list, click the browse button.

The Browse Time Range dialog box appears.

b. Click Add.

The Add Time Range dialog box appears.

c. In the Time Range Name field, enter a time range name, with no spaces.

d. Choose the Start Time and the End Time.

e. To specify additional time constraints for the time range, such as specifying the days of the week or

the recurring weekly interval in which the time range will be active, click Add, and choose the

specifications.

f. Click OK to apply the optional time range specifications.

Step11 (Optional) In the Description field, add a text description about the access rule.

The description can contain multiple lines; however, each line can be no more than 100 characters in

length.

Step12 (Optional) Logging is enabled by default. You can disable logging by unchecking the check box, or you

can change the logging level from the drop-down list. The default logging level is Informational.

Step13 Click OK. The access rule appears with the newly configured access rules.

Step14 Click Apply to save the access rule to your configuration.

Note After you add access rules, you can click the following radio buttons to filter which access rules appear

in the main pane: IPv4 and IPv6, IPv4 Only, or IPv6 Only.

You can edit or delete a particular access rule by selecting the rule and then clicking Edit or Delete.

Adding an EtherType Rule (Transparent Mode Only)

The EtherType Rules window shows access rules based on packet EtherTypes. EtherType rules are used

to configure non-IP related traffic policies through the ASA when operating in transparent mode. In

transparent mode, you can apply both extended and EtherType access rules to an interface. EtherType

rules take precedence over the extended access rules.

For more information about EtherType rules, see the “Information About Access Rules” section on

page 37-1.

To add an EtherType rule, perform the following steps:

Cisco Systems Adding an EtherType Rule (Transparent Mode Only)