Cisco ASDM 7 User Guide
Page 31
1-5 Cisco ASA Series Firewall ASDM Configuration Guide
Chapter 1 Configuring a Service Policy
Licensing Requirements for Service Policies

Incompatibility of Certain Feature Actions

Some features are not compatible with each other for the same traffic. The following list may not include all incompatibilities; for information about compatibility of each feature, see the chapter or section for your feature:

You cannot configure QoS priority queueing and QoS policing for the same set of traffic....
Page 32
1-6 Guidelines and Limitations

This section includes the guidelines and limitations for this feature.

Context Mode Guidelines
Supported in single and multiple context mode.

Firewall Mode Guidelines
Supported in routed and transparent firewall mode.

IPv6 Guidelines
Supports IPv6 for the following features:
Application inspection for DNS, FTP, HTTP, ICMP, ScanSafe, SIP, SMTP,...
Page 33
1-7 Default Settings

You can only apply one global policy. For example, you cannot create a global policy that includes feature set 1, and a separate global policy that includes feature set 2. All features must be included in a single policy.

When you make service policy changes to the configuration, all new connections use the new service policy. Existing connections continue to use the policy that...
Page 34
1-8 Task Flows for Configuring Service Policies

IP Options

Default Traffic Classes

The configuration includes a default traffic class that the ASA uses in the default global policy called Default Inspection Traffic; it matches the default inspection traffic. This class, which is used in the default global policy, is a special shortcut to match the default ports for all inspections. When used in a...
Page 35
1-9 Adding a Service Policy Rule for Through Traffic

Note: When you click the Add button, and not the small arrow on the right of the Add button, you add a through traffic rule by default. If you click the arrow on the Add button, you can choose between a through traffic rule and a management traffic rule.

Step 2 In the Create a Service Policy and Apply To area, click one of the following options:...
Page 36
1-10 Adding a Service Policy Rule for Through Traffic

Global - applies to all interfaces. This option applies the service policy globally to all interfaces. By default, a global policy exists that includes a service policy rule for default application inspection. See the “Default Settings” section on page 1-7 for more information. You can add a rule to the global policy using the wizard.

a. If it is a...
Page 37
1-11 Adding a Service Policy Rule for Through Traffic

– TCP or UDP Destination Port—The class matches a single port or a contiguous range of ports.

Tip: For applications that use multiple, non-contiguous ports, use the Source and Destination IP Address (uses ACL) to match each port.

– RTP Range—The class map matches RTP traffic.
– IP DiffServ CodePoints (DSCP)—The class matches up to eight DSCP values in the...
Page 38
1-12 Adding a Service Policy Rule for Through Traffic

Specify the address and subnet mask using prefix/length notation, such as 10.1.1.0/24. If you enter an IP address without a mask, it is considered to be a host address, even if it ends with a 0. Enter any to specify any source address. Separate multiple addresses by a comma.

c. In the Destination field, enter the destination IP address, or click the...
Page 39
1-13 Adding a Service Policy Rule for Management Traffic

Add additional values as desired, or remove them using the Remove button.

Step 7 Click Next. The Add Service Policy Rule - Rule Actions dialog box appears.
Step 8 Configure one or more rule actions. See the “Supported Features” section on page 1-1 for a list of features.
Step 9 Click Finish.

Adding a Service Policy Rule for Management Traffic

You can...
Page 40
1-14 Adding a Service Policy Rule for Management Traffic

Identify the traffic using one of several criteria:

– Source and Destination IP Address (uses ACL)—The class matches traffic specified by an extended ACL. If the ASA is operating in transparent firewall mode, you can use an EtherType ACL.

Note: When you create a new traffic class of this type, you can only specify one access control entry (ACE)...