Cisco ASA 5505 Configuration Manual page 636

Information About Access Rules
Figure 30-1
10.1.1.14
Using Global Access Rules
Global access rules allow you to apply a global rule to ingress traffic without the need to specify an
interface to which the rule must be applied. Using global access rules provides the following benefits:
•
•
•
•
You can configure global access rules in conjunction with interface access rules, in which case, the
specific interface access rules are always processed before the general global access rules.
Information About Access Rules
This section describes information about access rules and includes the following topics:
•
•
Cisco ASA 5500 Series Configuration Guide using ASDM
30-4
Outbound Access List
Security
appliance
Permit HTTP from 209.165.201.4, 209.165.201.6,
and
Deny all others
Inside
ACL Inbound
Permit from any to any
209.165.201.4
Static NAT
When migrating to the adaptive security appliance from a competitor appliance, you can maintain a
global access rule policy instead of needing to apply an interface-specific policy on each interface.
Global access control policies are not replicated on each interface, so they save memory space.
Global access rules provides flexibility in defining a security policy. You do not need to specify
which interface a packet comes in on, as long as it matches the source and destination IP addresses.
Global access rules use the same mtrie and stride tree as interface-specific access rules, so
scalability and performance for global rules are the same as for interface-specific rules.
Access Rules for Returning Traffic, page 30-5
Allowing Broadcast and Multicast Traffic through the Transparent Firewall Using Access Rules,
page 30-5
Web Server:
209.165.200.225
Outside
ACL Outbound
209.165.201.8 to 209.165.200.225
HR
ACL Inbound
Permit from any to
10.1.2.67 209.165.201.6
Static NAT
Chapter 30 Configuring Access Rules
Eng
ACL Inbound
any Permit from any
10.1.3.34
Static NAT
to any
209.165.201.8
OL-20339-01