6-51
User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 6 Managing Policy Objects
Creating Access Control List Objects
Related Topics
Creating Access Control List Objects, page 6-49
Understanding Access Rule Address Requirements and How Rules Are Deployed, page 16-5
Creating Policy Objects, page 6-9
Understanding Networks/Hosts Objects, page 6-74
Understanding and Specifying Services and Service and Port List Objects, page 6-86
Step 1 Choose Manage > Policy Objects to open the Policy Object Manager (see Policy Object Manager,
page 6-4).
Step 2 From the Object Type selector, select Access Control Lists.
The Access Control List page appears. The Extended tab is displayed by default.
Step 3 Right-click inside the work area, then select New Object.
The Add Extended Access List dialog box appears (see Add or Edit Access List Dialog Boxes,
page 6-55).
Step 4 Enter a name for the object and optionally a description of the object.
Step 5 Right-click inside the table in the dialog box, then select Add.
The Add Extended Access Control Entry dialog box appears.
Step 6 Create the access control entry:
If you choose Access Control Entry for Type, specify the characteristics of the traffic that you want
to match and whether you are permitting or denying the traffic. Enter the source addresses where
the traffic originates, the destination addresses to which the traffic travels, and the services that define
the characteristics of the traffic. Click Advanced to define logging options. For detailed information
about the fields on the dialog box, see Add and Edit Extended Access Control Entry Dialog Boxes,
page 6-56.
If you choose ACL Object, select the object in the available objects list and click >> to add it to the
list of selected objects.
Step 7 Click OK to save your changes.
The dialog box closes and you return to the Add Extended Access List page. The new entry is shown in
the table. If necessary, select it and click the up or down buttons to position it at the desired location.
Step 8 (Optional) Under Category, select a category to help you identify this object in the Objects table. See
Using Category Objects, page 6-12.
Step 9 Click OK to save the object.
Creating Standard Access Control List Objects
A standard access control list allows you to permit or deny traffic from specific source IP addresses. The
destination of the packet and the ports involved can be anything. Standard IP ACLs are numbered from 1 to 99.
Standard ACL example:
access-list 10 permit 192.168.2.0 0.0.0.255
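The following audit helper is an added example, not code from the Cisco guide. It parses standard ACL entries like the one above, evaluates a source address against them, and reports entries that can never match because an earlier entry already covers them. It assumes first-match evaluation with an implicit deny at the end of the list and the `any` and `host` source keywords; the function names are hypothetical and the second and third sample entries are constructed.

```python
import ipaddress

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_standard_ace(line):
    """Return (number, action, address, wildcard) for one standard ACL entry."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"not a standard ACL entry: {line!r}")
    number, action, src = int(tok[1]), tok[2], tok[3:]
    if not 1 <= number <= 99:  # range stated on this page
        raise ValueError(f"ACL number {number} is outside 1-99")
    if src == ["any"]:
        return number, action, 0, 0xFFFFFFFF
    if src[0] == "host" and len(src) == 2:
        return number, action, _ip(src[1]), 0
    if len(src) in (1, 2):  # address, optionally followed by a wildcard mask
        return number, action, _ip(src[0]), _ip(src[1]) if len(src) == 2 else 0
    raise ValueError(f"cannot parse source in {line!r}")

def evaluate(acl_lines, number, source_ip):
    """First matching entry decides; no match falls to the implicit deny."""
    ip = _ip(source_ip)
    for line in acl_lines:
        n, action, addr, wild = parse_standard_ace(line)
        # Wildcard bits set to 1 are ignored; every other bit must be equal.
        if n == number and ((ip ^ addr) & ~wild) == 0:
            return action, line
    return "deny", None

def shadowed(acl_lines, number):
    """Return (later, earlier) line pairs where the later entry can never match."""
    aces = [(l, parse_standard_ace(l)) for l in acl_lines]
    aces = [(l, a[2], a[3]) for l, a in aces if a[0] == number]
    dead = []
    for i, (line, addr, wild) in enumerate(aces):
        for e_line, e_addr, e_wild in aces[:i]:
            care = ~e_wild  # bits the earlier entry actually compares
            if (wild & care) == 0 and ((addr ^ e_addr) & care) == 0:
                dead.append((line, e_line))
                break
    return dead

SAMPLE_ACL = [  # constructed sample; only the first entry is from the page
    "access-list 10 permit 192.168.2.0 0.0.0.255",
    "access-list 10 deny host 192.168.2.77",
    "access-list 10 permit 10.1.0.0 0.0.255.255",
]
```

Running `shadowed(SAMPLE_ACL, 10)` flags the `deny host` entry: it sits below a permit that already matches the whole 192.168.2.0 block, so it would have to be moved above that entry to take effect.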
Uses: