4-62
Device Manager Guide, Cisco ACE 4700 Series Application Control Engine Appliance
OL-26645-02
Chapter 4 Configuring Virtual Contexts
Configuring Security with ACLs
Step 2 Click Add. The New Access List configuration screen appears.
Step 3 Enter the ACL name in the ACL Properties pane and choose the type as Extended.
Choose the IP Address Type as either IPv6 or IPv4.
Step 4 Configure extended ACL entries using the information in Table 4-17.
Table 4-17 Extended ACL Configuration Options

Field: Description

Entry Attributes

Line Number: Enter a number that specifies the position of this entry in the ACL. The position of an entry affects the lookup order of the entries in an ACL. To change the sequence of existing extended ACLs, see the “Resequencing Extended ACLs” section on page 4-66.

Action: Action to be taken (permit/deny).

Service Object Group: Select a service object group to apply to this ACL.

Protocol: Select the protocol or protocol number to apply to this ACL entry. Table 4-18 lists common protocol names and numbers.

ICMP Type: Select the ICMP type or number for this protocol.
• Table 4-19 lists common ICMP types and numbers, per RFC 792.
• Table 4-20 lists the common ICMPv6 types and associated numbers, per RFC 4443.

Message Code Operator: Choose the operand to use when comparing message codes for this service object:
• Equal To—The message code must be the same as the number in the Message Code field.
• Greater Than—The message code must be greater than the number in the Message Code field.
• Less Than—The message code must be less than the number in the Message Code field.
• Not Equal To—The message code must not equal the number in the Message Code field.
• Range—The message code must be within the range of codes specified by the Min. Message Code field and the Max. Message Code field.

Message Code: This field appears if you select Equal To, Greater Than, Less Than, or Not Equal To in the Message Code Operator field. Enter the ICMP message code for this service object.

Min. Message Code: This field appears if you select Range in the Message Code Operator field. Enter the number that is the beginning value for a range of services for this service object. Valid entries are integers from 0 to 255. The number in this field must be less than the number entered in the Max. Message Code field.

Max. Message Code: This field appears if you select Range in the Message Code Operator field. Enter the number that is the ending value for a range of services for this service object. Valid entries are integers from 0 to 255. The number in this field must be greater than the number entered in the Min. Message Code field.
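The following Python sketch is an added example, not Cisco code or Device Manager output. It models the Line Number, Action, ICMP Type, and Message Code fields from Table 4-17 so that a planned set of ICMP entries can be checked for invalid values and for entries that an earlier line hides. Assumptions: the short operator names, inclusive range bounds, first-match evaluation in Line Number order, and a deny result when no entry matches.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class IcmpEntry:
    line: int                        # Line Number
    action: str                      # "permit" or "deny"
    icmp_type: int                   # ICMP Type
    operator: str                    # eq, gt, lt, neq, range (names assumed)
    code: Optional[int] = None       # Message Code
    min_code: Optional[int] = None   # Min. Message Code
    max_code: Optional[int] = None   # Max. Message Code

def validate(e):
    """Return the problems with one entry under the Table 4-17 field rules."""
    if e.operator == "range":
        lo, hi = e.min_code, e.max_code
        if lo is None or hi is None or not (0 <= lo <= 255 and 0 <= hi <= 255):
            return ["range needs Min. and Max. Message Code, integers 0 to 255"]
        return [] if lo < hi else ["Min. Message Code must be less than Max."]
    if e.operator not in ("eq", "gt", "lt", "neq"):
        return [f"unknown operator {e.operator!r}"]
    if e.code is None or not 0 <= e.code <= 255:   # ICMP code is an 8-bit field
        return ["Message Code must be an integer 0 to 255"]
    return []

def code_matches(e, code):
    if e.operator == "range":        # bounds treated as inclusive (assumption)
        return e.min_code <= code <= e.max_code
    return {"eq": code == e.code, "gt": code > e.code,
            "lt": code < e.code, "neq": code != e.code}[e.operator]

def evaluate(entries, icmp_type, code):
    """First match in Line Number order decides; no match is denied (assumption)."""
    for e in sorted(entries, key=lambda e: e.line):
        if e.icmp_type == icmp_type and code_matches(e, code):
            return e.action, e.line
    return "deny", None

def shadowed(entries, icmp_type):
    """Line numbers of entries that never decide any code 0..255 for this type."""
    deciding = {evaluate(entries, icmp_type, c)[1] for c in range(256)}
    return [e.line for e in entries
            if e.icmp_type == icmp_type and e.line not in deciding]

# Constructed sample: ICMP type 3 (Destination Unreachable), code 4 = fragmentation needed
ACL = [IcmpEntry(10, "permit", 3, "range", min_code=0, max_code=15),
       IcmpEntry(20, "deny", 3, "eq", code=4)]
```

In the constructed sample, the deny at line 20 never takes effect because the range at line 10 already matches code 4; giving the deny a lower Line Number restores the intended behavior.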