Configuration | Policy Management | Traffic Management | Rules | Add, Modify, or Copy
VPN 3000 Concentrator Series User Guide
Click the drop-down menu button and select the protocol to which this rule applies.
Any = Any protocol [255] (the default selection).
ICMP = Internet Control Message Protocol [1] (used by ping, for example). If you select this
protocol, you should also configure ICMP Packet Type.
TCP = Transmission Control Protocol [6] (connection-oriented; e.g., FTP, HTTP, SMTP, and Telnet).
If you select this protocol, you should configure TCP Connection and TCP/UDP Source Port or
Destination Port.
EGP = Exterior Gateway Protocol [8] (used for routing to exterior networks).
IGP = Interior Gateway Protocol [9] (used for routing within a domain).
UDP = User Datagram Protocol [17] (connectionless; e.g., SNMP). If you select this protocol, you
should also configure TCP/UDP Source Port or Destination Port.
ESP = Encapsulation Security Payload [50] (applies to IPSec).
AH = Authentication Header [51] (applies to IPSec).
GRE = Generic Routing Encapsulation [47] (used by PPTP).
RSVP = Resource Reservation Protocol [46] (reserves bandwidth on routers).
IGMP = Internet Group Management Protocol [2] (used in multicasting).
OSPF = Open Shortest Path First [89] (interior routing protocol).
Other = Other protocol not listed here. If you select Other here, you must enter the IANA-assigned
protocol number in the Other field.
TCP Connection
Click the drop-down menu button and select whether this rule applies to packets from established TCP
connections. For example, you might want a rule to forward only those TCP packets that originate from
established connections on the public network interface, to provide maximum protection against
spoofing. The choices are:
Established = Apply rule to packets from established TCP connections only.
Don't Care = Apply rule to any TCP packets, whether from established connections or new
connections (the default selection).
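
The following sketch is an added example, not code from this guide or from the concentrator: it shows how a packet filter can evaluate the Protocol and TCP Connection fields against a raw IPv4 packet. The function names are hypothetical, and two points are assumptions because the guide does not state them: Established is tested statelessly as "ACK or RST flag set", and non-first fragments (which carry no TCP flags) never match an Established rule.

```python
import struct

# Protocol numbers as listed in the guide; 255 is its "Any" selection.
PROTOCOLS = {"Any": 255, "ICMP": 1, "IGMP": 2, "TCP": 6, "EGP": 8, "IGP": 9,
             "UDP": 17, "RSVP": 46, "GRE": 47, "ESP": 50, "AH": 51, "OSPF": 89}
ACK, RST = 0x10, 0x04

def parse_ipv4(packet):
    """Return (protocol number, TCP flags byte or None) for a raw IPv4 packet."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    proto = packet[9]
    frag_offset = struct.unpack("!H", packet[6:8])[0] & 0x1FFF
    flags = None
    # TCP flags exist only in the first fragment, at byte 13 of the TCP header.
    if proto == 6 and frag_offset == 0 and len(packet) >= ihl + 14:
        flags = packet[ihl + 13]
    return proto, flags

def rule_matches(rule_protocol, tcp_connection, packet):
    """rule_protocol: a name from PROTOCOLS, or an int for the "Other" field."""
    proto, flags = parse_ipv4(packet)
    want = PROTOCOLS.get(rule_protocol, rule_protocol)
    if want != 255 and want != proto:
        return False
    if want == 6 and tcp_connection == "Established":
        # Assumption: "established" means ACK or RST is set (stateless test).
        return flags is not None and bool(flags & (ACK | RST))
    return True  # any other TCP Connection value is treated as Don't Care

def make_packet(proto, tcp_flags=0):
    """Constructed sample: 20-byte IPv4 header (checksum left 0) plus payload."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 10]), bytes([198, 51, 100, 5]))
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, 0x50, tcp_flags, 8192, 0, 0)
    return ip + (tcp if proto == 6 else bytes(20))

if __name__ == "__main__":
    for name, flags in (("SYN", 0x02), ("SYN+ACK", 0x12), ("ACK", 0x10)):
        print(name, rule_matches("TCP", "Established", make_packet(6, flags)))
```

A flag test of this kind rejects connection-opening SYN packets but does not confirm that a matching connection actually exists, so it complements rather than replaces source-address checks.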
Source Address
Specify the packet source address that this rule checks; i.e., the address of the sender.
Network List
Click the drop-down menu button and select the configured network list that specifies the source
addresses. A network list is a list of network addresses that are treated as a single object. See the
Configuration | Policy Management | Traffic Management | Network Lists screens. Otherwise, you can select:
Use IP Address/Wildcard-mask below, which lets you enter a network address.
If you select a configured network list, the Manager ignores entries in the IP Address and Wildcard-mask
fields.