Home > Cisco > Computer Equipment > Cisco Asdm 7 User Guide

Cisco Asdm 7 User Guide

Add to Favourites
    Download as PDF

    Here you can view all the pages of manual Cisco Asdm 7 User Guide. The Cisco manuals for Computer Equipment are available online for free. You can easily download all the documents as PDF.

    Overview View all the pages Comments

    Page 31

    Page 31 1-5 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 1 Configuring a Service Policy Licensing Requirements for Service Policies Incompatibility of Certain Feature Actions Some features are not compatible with each other for the same traffic. The following list may not include all incompatibilities; for information about compatibility of each feature, see the chapter or section for your feature: You cannot configure QoS priority queueing and QoS policing for the same set of traffic.... 
     
1-5
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 1      Configuring a Service Policy
  Licensing Requirements for Service Policies
Incompatibility of Certain Feature Actions
Some features are not compatible with each other for the same traffic. The following list may not include 
all incompatibilities; for information about compatibility of each feature, see the chapter or section for 
your feature:
You cannot configure QoS priority queueing and QoS policing for the same set of traffic....

    Page 32

    Page 32 1-6 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 1 Configuring a Service Policy Guidelines and Limitations Guidelines and Limitations This section includes the guidelines and limitations for this feature. Context Mode Guidelines Supported in single and multiple context mode. Firewall Mode Guidelines Supported in routed and transparent firewall mode. IPv6 Guidelines Supports IPv6 for the following features: Application inspection for DNS, FTP, HTTP, ICMP, ScanSafe, SIP, SMTP,... 
     
1-6
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 1      Configuring a Service Policy
  Guidelines and Limitations
Guidelines and Limitations
This section includes the guidelines and limitations for this feature.
Context Mode Guidelines
Supported in single and multiple context mode.
Firewall Mode Guidelines
Supported in routed and transparent firewall mode.
IPv6 Guidelines
Supports IPv6 for the following features:
Application inspection for DNS, FTP, HTTP, ICMP, ScanSafe, SIP, SMTP,...

    Page 33

    Page 33 1-7 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 1 Configuring a Service Policy Default Settings You can only apply one global policy. For example, you cannot create a global policy that includes feature set 1, and a separate global policy that includes feature set 2. All features must be included in a single policy. When you make service policy changes to the configuration, all new connections use the new service policy. Existing connections continue to use the policy that... 
     
1-7
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 1      Configuring a Service Policy
  Default Settings
You can only apply one global policy. For example, you cannot create a global policy that includes 
feature set 1, and a separate global policy that includes feature set 2. All features must be included 
in a single policy.
When you make service policy changes to the configuration, all new connections use the new service 
policy. Existing connections continue to use the policy that...

    Page 34

    Page 34 1-8 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 1 Configuring a Service Policy Task Flows for Configuring Service Policies IP Options Default Traffic Classes The configuration includes a default traffic class that the ASA uses in the default global policy called Default Inspection Traffic; it matches the default inspection traffic. This class, which is used in the default global policy, is a special shortcut to match the default ports for all inspections. When used in a... 
     
1-8
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 1      Configuring a Service Policy
  Task Flows for Configuring Service Policies
IP Options
Default Traffic Classes
The configuration includes a default traffic class that the ASA uses in the default global policy called 
Default Inspection Traffic; it matches the default inspection traffic. This class, which is used in the 
default global policy, is a special shortcut to match the default ports for all inspections. When used in a...

    Page 35

    Page 35 1-9 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 1 Configuring a Service Policy Adding a Service Policy Rule for Through Traffic NoteWhen you click the Add button, and not the small arrow on the right of the Add button, you add a through traffic rule by default. If you click the arrow on the Add button, you can choose between a through traffic rule and a management traffic rule. Step 2In the Create a Service Policy and Apply To area, click one of the following options:... 
     
1-9
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 1      Configuring a Service Policy
  Adding a Service Policy Rule for Through Traffic
NoteWhen you click the Add button, and not the small arrow on the right of the Add button, you add 
a through traffic rule by default. If you click the arrow on the Add button, you can choose 
between a through traffic rule and a management traffic rule.
Step 2In the Create a Service Policy and Apply To area, click one of the following options:...

    Page 36

    Page 36 1-10 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 1 Configuring a Service Policy Adding a Service Policy Rule for Through Traffic Global - applies to all interfaces. This option applies the service policy globally to all interfaces. By default, a global policy exists that includes a service policy rule for default application inspection. See the “Default Settings” section on page 1-7 for more information. You can add a rule to the global policy using the wizard. a.If it is a... 
     
1-10
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 1      Configuring a Service Policy
  Adding a Service Policy Rule for Through Traffic
Global - applies to all interfaces. This option applies the service policy globally to all interfaces. 
By default, a global policy exists that includes a service policy rule for default application 
inspection. See the “Default Settings” section on page 1-7 for more information. You can add a rule 
to the global policy using the wizard.
a.If it is a...

    Page 37

    Page 37 1-11 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 1 Configuring a Service Policy Adding a Service Policy Rule for Through Traffic –TCP or UDP Destination Port—The class matches a single port or a contiguous range of ports. TipFor applications that use multiple, non-contiguous ports, use the Source and Destination IP Address (uses ACL) to match each port. –RTP Range—The class map matches RTP traffic. –IP DiffServ CodePoints (DSCP)—The class matches up to eight DSCP values in the... 
     
1-11
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 1      Configuring a Service Policy
  Adding a Service Policy Rule for Through Traffic
–TCP or UDP Destination Port—The class matches a single port or a contiguous range of ports.
TipFor applications that use multiple, non-contiguous ports, use the Source and Destination IP 
Address (uses ACL) to match each port.
–RTP Range—The class map matches RTP traffic.
–IP DiffServ CodePoints (DSCP)—The class matches up to eight DSCP values in the...

    Page 38

    Page 38 1-12 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 1 Configuring a Service Policy Adding a Service Policy Rule for Through Traffic Specify the address and subnet mask using prefix/length notation, such as 10.1.1.0/24. If you enter an IP address without a mask, it is considered to be a host address, even if it ends with a 0. Enter any to specify any source address. Separate multiple addresses by a comma. c.In the Destination field, enter the destination IP address, or click the... 
     
1-12
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 1      Configuring a Service Policy
  Adding a Service Policy Rule for Through Traffic
Specify the address and subnet mask using prefix/length notation, such as 10.1.1.0/24. If you 
enter an IP address without a mask, it is considered to be a host address, even if it ends with a 0.
Enter any to specify any source address.
Separate multiple addresses by a comma.
c.In the Destination field, enter the destination IP address, or click the...

    Page 39

    Page 39 1-13 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 1 Configuring a Service Policy Adding a Service Policy Rule for Management Traffic Add additional values as desired, or remove them using the Remove button. Step 7Click Next. The Add Service Policy Rule - Rule Actions dialog box appears. Step 8Configure one or more rule actions. See the “Supported Features” section on page 1-1 for a list of features. Step 9Click Finish. Adding a Service Policy Rule for Management Traffic You can... 
     
1-13
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 1      Configuring a Service Policy
  Adding a Service Policy Rule for Management Traffic
Add additional values as desired, or remove them using the Remove button.
Step 7Click Next.
The Add Service Policy Rule - Rule Actions dialog box appears.
Step 8Configure one or more rule actions. See the “Supported Features” section on page 1-1 for a list of 
features.
Step 9Click Finish.
Adding a Service Policy Rule for Management Traffic
You can...

    Page 40

    Page 40 1-14 Cisco ASA Series Firewall ASDM Configuration Guide Chapter 1 Configuring a Service Policy Adding a Service Policy Rule for Management Traffic Identify the traffic using one of several criteria: –Source and Destination IP Address (uses ACL)—The class matches traffic specified by an extended ACL. If the ASA is operating in transparent firewall mode, you can use an EtherType ACL. NoteWhen you create a new traffic class of this type, you can only specify one access control entry (ACE)... 
     
1-14
Cisco ASA Series Firewall ASDM Configuration Guide
 
Chapter 1      Configuring a Service Policy
  Adding a Service Policy Rule for Management Traffic
Identify the traffic using one of several criteria:
–Source and Destination IP Address (uses ACL)—The class matches traffic specified by an 
extended ACL. If the ASA is operating in transparent firewall mode, you can use an EtherType 
ACL.
NoteWhen you create a new traffic class of this type, you can only specify one access control 
entry (ACE)...
    Start reading Cisco Asdm 7 User Guide
    All Cisco manuals