Access Rules

The Access Rules window, shown in Figure 15-8, gives the security administrator a place to
add or modify an access-list rule for the Security Appliance. This window combines the
concepts of access lists, outbound lists, and conduits to describe how a specific host or
network interacts with another host or network to permit or deny a specific service and/or
protocol. Clicking the Add or Edit button opens a new window, shown in Figure 15-8,
in which you configure or modify an access rule. The options available in this
window are the same as those available when you configure an access-list rule statement from the CLI,
including source and destination classifications, as well as source and destination ports.
Access rules are listed in sequential order and are applied in the order in which they appear
on the Access Rules tab. This is the order in which the PIX Firewall evaluates them. An
implicit, unwritten rule denies all traffic that is not permitted. If traffic is not explicitly
permitted by an access rule, it is denied. Additionally, the window displays a diagram that
helps the security administrator understand how the new rule will be applied on the Security
Appliance.
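
The ordering and implicit-deny behavior described above can be modeled in a few lines. This is an added example, not code from the original text or from Cisco; it is a simplified single-list model (no interfaces, directions, or port ranges), and the `Rule` class, the function names, and the sample addresses are assumptions made for illustration. It also flags rules that can never take effect because an earlier rule already covers them.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                 # "permit" or "deny"
    proto: str                  # "tcp", "udp", or "ip" for any protocol
    src: str                    # source network, CIDR
    dst: str                    # destination network, CIDR
    port: Optional[int] = None  # destination port; None means any

    def matches(self, proto, src, dst, port):
        return (self.proto in ("ip", proto)
                and ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.port in (None, port))

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        return (self.proto in ("ip", other.proto)
                and ipaddress.ip_network(other.src).subnet_of(ipaddress.ip_network(self.src))
                and ipaddress.ip_network(other.dst).subnet_of(ipaddress.ip_network(self.dst))
                and self.port in (None, other.port))

def evaluate(rules, proto, src, dst, port):
    """Return (action, rule index) for the first match, top to bottom."""
    for index, rule in enumerate(rules):
        if rule.matches(proto, src, dst, port):
            return rule.action, index
    return "deny", None  # implicit deny: nothing explicitly permitted the traffic

def shadowed(rules):
    """Indexes of rules that never take effect because an earlier rule covers them."""
    return [j for j, rule in enumerate(rules)
            if any(earlier.covers(rule) for earlier in rules[:j])]

# Constructed sample policy (addresses are illustrative, not from the page).
RULES = [
    Rule("deny", "ip", "10.0.0.0/8", "192.168.1.0/24"),
    Rule("permit", "tcp", "0.0.0.0/0", "192.168.1.10/32", 80),
    Rule("permit", "tcp", "10.1.1.0/24", "192.168.1.10/32", 443),  # never reached
]

if __name__ == "__main__":
    print(evaluate(RULES, "tcp", "203.0.113.5", "192.168.1.10", 80))
    print(evaluate(RULES, "tcp", "10.1.1.7", "192.168.1.10", 443))
    print(evaluate(RULES, "udp", "203.0.113.5", "192.168.1.10", 53))
    print(shadowed(RULES))
```

The third rule looks like a permit for HTTPS from 10.1.1.0/24, but the broader deny at the top matches first, which is the kind of ordering mistake worth checking for before applying a rule set.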

Security Policies Tab

The Security Policies tab, shown in Figure 15-7, lets you view and configure all of the security
rules and policies for the Security Appliance. The available rules, located at the top of the
tab, are as follows:
■ Access Rules—Displays your entire network security policy expressed in rules. This
window enables the security administrator to define access control lists (ACL).
■ AAA Rules—Displays your AAA configuration. The security administrator can define
and modify AAA rules.
■ Filter Rules—Displays the filter rules that are currently configured on the Security
Appliance. It also provides buttons that the security administrator can use to add or
modify the filter rule.
■ Service Policy Rules—Define how specific types of application inspection are applied to
different types of traffic received by the Security Appliance. The security administrator
can apply a rule specifically to an interface or globally to every interface.

Dynamic Host Configuration Protocol

■ Dynamic Host Configuration Protocol (DHCP) settings for the inside interface, as a
DHCP server.
The Startup Wizard helps you set up a shell configuration—a basic configuration for your
Cisco Security Appliance, as the initial “setup” program does for the CLI. To customize and
modify your Security Appliance configuration, ASDM provides the Configuration button.
After you click the Configuration button on ASDM, you see nine main tabs for configuring
and modifying the Security Appliance configuration:
■ Interfaces
■ Security Policies
■ NAT
■ VPN
■ IPS (Optional)
■ Routing
■ Building Blocks
■ Device Administration
■ Properties

Cisco Security Appliance Adaptive Security Device Manager Startup Wizard

The Startup Wizard configures the following attributes on your Cisco Security Appliance:
■ A host name for your Security Appliance.
■ A domain name for your Security Appliance.
■ A default gateway for your Security Appliance.
■ An enable password that is required to access ASDM or the Security Appliance’s CLI.
■ The speed and IP address information of the outside interface on the Security Appliance.
■ Your Security Appliance’s other interfaces, such as the inside or demilitarized zone
(DMZ) interfaces, can be configured from the Startup Wizard.
■ Network Address Translation (NAT) or Port Address Translation (PAT) rules for your
Security Appliance.

ASDM Installation Procedures

PIXFIREWALL(config)# copy tftp flash:pdm
Address or name of remote host [127.0.0.1] 192.168.1.2
Source file name [cdisk] asdm-500.bin
copying tftp://192.168.1.2/ asdm-500.bin to flash:asdm
[yes | no | again]y