Cisco ASA Series User Manual

2164 pages
Cisco ASA Series CLI Configuration Guide
Chapter 1 Adding an Extended Access Control List
Configuring Extended ACLs
Detailed Steps

Command:
access-list access_list_name [line line_number] extended {deny | permit} protocol_argument [security_group_argument] source_address_argument [port_argument] [security_group_argument] dest_address_argument [port_argument] [log [[level] [interval secs] | disable | default]] [inactive | time-range time_range_name]

Example:
hostname(config)# access-list v1 extended permit ip user LOCAL\idfw any 10.0.0.0 255.255.255.0

Purpose:
Adds an ACE for IP address or FQDN policy, as well as optional security groups. For common keywords and arguments, see the “Adding an ACE for IP Address or Fully Qualified Domain Name-Based Policy” section on page 1-4. Keywords and arguments specific to this type of ACE include the following:

- security_group_argument is for use with the TrustSec feature, and specifies the security group for which to match traffic in addition to the source or destination address. Available arguments include the following:
  - object-group-security security_obj_grp_id—Specifies a security object group created using the object-group security command.
  - security-group {name security_grp_id | tag security_grp_tag}—Specifies a security group name or tag.

Note: Although not shown in the syntax above, you can also use Identity Firewall user arguments.

Adding Remarks to ACLs

You can include remarks about entries in any ACL. The remarks make the ACL easier to understand.

To add a remark after the last access-list command you entered, enter the following command.

Detailed Steps

Command:
access-list access_list_name remark text

Example:
hostname(config)# access-list OUT remark - this is the inside admin address

Purpose:
Adds a remark after the last access-list command you entered.

The text can be up to 100 characters in length. You can enter leading spaces at the beginning of the text. Trailing spaces are ignored.

If you enter the remark before any access-list command, then the remark is the first line in the ACL.

If you delete an ACL using the no access-list access_list_name command, then all the remarks are also removed.

Examples

You can add remarks before each ACE, and the remark appears in the ACL in this location. Entering a dash (-) at the beginning of the remark helps set it apart from the ACEs.

hostname(config)# access-list OUT remark - this is the inside admin address
hostname(config)# access-list OUT extended permit ip host 209.168.200.3 any
hostname(config)# access-list OUT remark - this is the hr admin address
hostname(config)# access-list OUT extended permit ip host 209.168.200.4 any
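
The remark rules above (a remark documents the ACE entered after it, the text is limited to 100 characters, trailing spaces are ignored) can be checked on a candidate ACL snippet before it is applied. The following is an added example, not part of the Cisco guide; the function name audit_acl, the sample lines marked "constructed", and the policy that every ACE should carry a remark are assumptions made for illustration.

```python
import re

MAX_REMARK_LEN = 100  # remark text limit stated in the guide

# Matches remark and extended ACE lines, with or without a CLI prompt in front.
LINE_RE = re.compile(
    r"^(?:\S+\(config\)# )?access-list (\S+) (?:line \d+ )?(remark|extended) (.*)$")

# First four lines follow the guide's example; the rest are constructed.
SAMPLE = [
    "access-list OUT remark - this is the inside admin address",
    "access-list OUT extended permit ip host 209.168.200.3 any",
    "access-list OUT remark - this is the hr admin address   ",
    "access-list OUT extended permit ip host 209.168.200.4 any",
    "access-list OUT extended permit tcp any any eq 22",  # constructed: no remark
    "access-list OUT remark - " + "x" * 120,  # constructed: too long, no ACE after
]

def audit_acl(lines):
    """Pair each extended ACE with the remarks entered before it; lint the remarks."""
    pending = {}   # ACL name -> [(line number, remark text)] waiting for an ACE
    entries = []   # (acl, ace_text, [remark texts])
    findings = []  # (line number, message)
    for num, raw in enumerate(lines, 1):
        m = LINE_RE.match(raw.strip("\r\n"))
        if not m:
            continue  # not a remark or extended ACE line
        acl, kind, rest = m.groups()
        if kind == "remark":
            text = rest.rstrip(" ")  # trailing spaces ignored, leading ones kept
            if len(text) > MAX_REMARK_LEN:
                findings.append(
                    (num, f"{acl}: remark is {len(text)} chars, limit is {MAX_REMARK_LEN}"))
            pending.setdefault(acl, []).append((num, text))
        else:
            remarks = [t for _, t in pending.pop(acl, [])]
            if not remarks:
                findings.append((num, f"{acl}: ACE has no remark: {rest}"))
            entries.append((acl, rest, remarks))
    for acl, left in pending.items():
        for num, text in left:
            findings.append((num, f"{acl}: remark not followed by an ACE: {text[:40]}"))
    return entries, findings

if __name__ == "__main__":
    for num, msg in audit_acl(SAMPLE)[1]:
        print(f"line {num}: {msg}")
```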
