Cisco ASA Series Cli Configuration Manual page 570

Where to Go Next
Where to Go Next
Many features use ACLs. Apply the ACL to an interface. See the
on page 1-7
Feature History for Extended ACLs
Table 1-2
Table 1-2 Feature History for Extended ACLs
Feature Name
Extended ACLs
Real IP addresses
Support for Identity Firewall
Support for TrustSec
Cisco ASA Series CLI Configuration Guide
1-12
for more information.
lists the release history for this feature.
Releases
7.0(1)
8.3(1)
8.4(2)
9.0(1)
Chapter 1 Adding an Extended Access Control List
"Configuring Access Rules" section
Feature Information
ACLs are used to control network access or to specify traffic
for many features to act upon. An extended access control
list is made up of one or more access control entries (ACE)
in which you can specify the line number to insert the ACE,
the source and destination addresses, and, depending upon
the ACE type, the protocol, the ports (for TCP or UDP), or
the IPCMP type (for ICMP).
We introduced the following command: access-list
extended.
When using NAT or PAT, mapped addresses and ports are no
longer required in an ACL for several features. You should
now always use the real, untranslated addresses and ports
for these features. Using the real address and port means
that if the NAT configuration changes, you do not need to
change the ACLs. See the
Addresses" section on page 1-2
You can now use identity firewall users and groups for the
source and destination. You can use an identity firewall
ACL with access rules, AAA rules, and for VPN
authentication.
We modified the following commands: access-list
extended.
You can now use TrustSec security groups for the source
and destination. You can use an identity firewall ACL with
access rules.
We modified the following commands: access-list
extended.
"Features That Use Real IP
for more information.