History For Access Rules - Cisco ASA Series Configuration Manual
Firewall cli, asa services module, and the adaptive security virtual appliance
Hide thumbs
Also See for ASA Series:
- Cli configuration manual (2164 pages) ,
- Getting started (31 pages) ,
- Mount and connect (12 pages)
Table of Contents
Advertisement
History for Access Rules
The following example denies traffic with EtherType 0x1256 but allows all others on both interfaces:
hostname(config)# access-list nonIP ethertype deny 1256
hostname(config)# access-list nonIP ethertype permit any
hostname(config)# access-group ETHER in interface inside
hostname(config)# access-group ETHER in interface outside
The following example uses object groups to permit specific traffic on the inside interface:
!
hostname (config)# object-group service myaclog
hostname (config-service)# service-object tcp source range 2000 3000
hostname (config-service)# service-object tcp source range 3000 3010 destinatio$
hostname (config-service)# service-object ipsec
hostname (config-service)# service-object udp destination range 1002 1006
hostname (config-service)# service-object icmp echo
hostname(config)# access-list outsideacl extended permit object-group myaclog interface
inside any
History for Access Rules
Feature Name
Interface access rules
Global access rules
Support for Identity Firewall
EtherType ACL support for IS-IS traffic
Support for TrustSec
Cisco ASA Series Firewall CLI Configuration Guide
4-12
Platform
Releases
Description
7.0(1)
Controlling network access through the ASA using ACLs.
We introduced the following command: access-group.
8.3(1)
Global access rules were introduced.
We modified the following command: access-group.
8.4(2)
You can now use identity firewall users and groups for the
source and destination. You can use an identity firewall
ACL with access rules, AAA rules, and for VPN
authentication.
We modified the following commands: access-list
extended.
8.4(5), 9.1(2) In transparent firewall mode, the ASA can now pass IS-IS
traffic using an EtherType ACL.
We modified the following command: access-list ethertype
{permit | deny} isis.
9.0(1)
You can now use TrustSec security groups for the source
and destination. You can use an identity firewall ACL with
access rules.
We modified the following commands: access-list
extended.
Chapter 4
Access Rules
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
