Cisco Asdm 7 User Guide
Page 221
6-33 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 6 Configuring NAT (ASA 8.2 and Earlier) Using NAT Exemption
– You use a WAAS device that requires the ASA not to randomize the sequence numbers of connections.
Maximum TCP Connections—Specifies the maximum number of TCP connections, between 0 and 65,535. If this value is set to 0, the number of connections is unlimited.
Maximum UDP Connections—Specifies the maximum number of UDP connections, between 0 and 65,535. If this value...
Page 222
Step 3 In the Original area, from the Interface drop-down list, choose the interface that is connected to the hosts with real addresses that you want to exempt.
Step 4 Enter the real addresses in the Source field, or click the ... button to choose an IP address that you already defined in ASDM. Specify the address and subnet mask using prefix/length notation, such as...
Page 225
7-1 Cisco ASA Series Firewall ASDM Configuration Guide
CHAPTER 7 Configuring Access Rules
This chapter describes how to control network access through the ASA using access rules and includes the following sections:
– Information About Access Rules, page 7-1
– Licensing Requirements for Access Rules, page 7-7
– Guidelines and Limitations, page 7-7
– Default Settings, page 7-7
– Configuring Access Rules, page 7-8
– Feature History for Access Rules, page 7-14
Note: You use access rules to control network access...
Page 226
7-2 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 7 Configuring Access Rules Information About Access Rules
General Information About Rules
This section describes information for both access rules and EtherType rules, and it includes the following topics:
– Implicit Permits, page 7-2
– Information About Interface Access Rules and Global Access Rules, page 7-2
– Using Access Rules and EtherType Rules on the Same Interface, page 7-2
– Rule Order, page 7-3
– Implicit Deny, page 7-3
– Using...
Page 227
Rule Order
The order of rules is important. When the ASA decides whether to forward or drop a packet, the ASA tests the packet against each rule in the order in which the rules are listed. After a match is found, no more rules are checked. For example, if you create an access rule at the beginning that explicitly permits all traffic for an interface, no further rules are...
Page 228
Note: “Inbound” and “outbound” refer to the application of an ACL on an interface, either to traffic entering the ASA on an interface or traffic exiting the ASA on an interface. These terms do not refer to the movement of traffic from a lower security interface to a higher security interface, commonly known as inbound, or from a higher to lower interface, commonly known as...
Page 229
Guidelines and Limitations
Context Mode Guidelines
Supported in single and multiple context mode.
Firewall Mode Guidelines
Supported in routed and transparent firewall mode.
IPv6 Guidelines
Supports IPv6.
Additional Guidelines and Limitations
Evaluate the following alternatives before using the transactional commit model:
– While using large rules, try to optimize the number...
Page 230
Table 7-1 lists common traffic types that you can allow through the transparent firewall.
Management Access Rules
You can configure access rules that control management traffic destined to the ASA. Access control rules for to-the-box management traffic (such as HTTP, Telnet, and SSH) have higher precedence than a management access rule. Therefore, such permitted...