Cisco ASA Series Firewall ASDM Configuration Guide
Chapter 7 Configuring Access Rules
Guidelines and Limitations
Configuring Access Rules
This section includes the following topics:
Adding an Access Rule
Adding an EtherType Rule (Transparent Mode Only)
Configuring Management Access Rules
Advanced Access Rule Configuration
Configuring HTTP Redirect
Configuring Transactional Commit Model
Adding an Access Rule
To apply an access rule, perform the following steps.
Detailed Steps
Step 1 Choose Configuration > Firewall > Access Rules.
Step 2 Click Add, and choose one of the following options:
The Add Access Rule dialog box appears.
Step 3 From the Interface drop-down list, choose the interface on which to apply the rule. Choose Any to apply a global rule.
Step 4 In the Action field, click one of the following radio buttons next to the desired action:
Permit—Permits access if the conditions are matched.
Deny—Denies access if the conditions are matched.
Step 5 In the Source field, enter an IP address that specifies the network, interface IP, or any address from which traffic is permitted or denied to the specified destination. You may use either an IPv4 or IPv6 address.
For more information about enabling IPv6 on an interface, see the “Configuring IPv6 Addressing” section on page 13-15 in the general operations configuration guide.
Step 6 In the User field, enter a user name or group to add to the ACL. Enter the user name in the format domain_NetBIOS_name\user_name. Enter the group name in the format domain_NetBIOS_name\group_name.
You can configure access rules based on user names and user group names rather than through source IP addresses. The ASA applies the security policies based on an association of IP addresses to Windows Active Directory login information and reports events based on the mapped user names instead of network IP addresses.
See the “Configuring Identity-Based Security Policy” section on page 38-16 in the general operations configuration guide for more information.
Step 7 To browse for a user name or user group, click the ellipsis (...) button. The Browse User dialog box appears.
Step 8 In the Destination field, enter an IP address that specifies the network, interface IP, or any address to which traffic is permitted or denied from the source specified in the Source field. You may use either an IPv4 or IPv6 address.