I'm a CLI junkie now using ASDM v5.2(3) on ASA55x0. Where are the named access-lists I'm used to working with in PIX 6.3(x) CLI? I want to continue to create my named access-lists so I and my colleagues can continue to use our standard templates for configuration tasks. I'm not interested in the ones created automatically such as "access-list in_out-back_forth-UpDown-interfaceSomeWhere0.1". These only confuse my staff when trying to complete config tasks.
As far as I know the names of the ACLs are not displayed in Config -> Firewall -> Security Policy, but the names are displayed in the "ACL Manager". Not sure how to get to this in ASDM 5; I think one way is through VPN -> Group Policy -> Client Configuration -> Split Tunnel -> Manage (ACL List).
Adam - yes you are correct - strange that they have to be accessed via Split Tunnel Network List, but so be it. I can now create a named ACL with our standardized names, but how do I reference it by name later when applying to some policy?
Once the ACL "AllowInbound" is created you can still edit/add to it in the Config -> Firewall -> Security Policy page.
Although it is not referenced by the name "AllowInbound", you will notice that the regular security policy page references the ACLs by which interface they are assigned to and which direction. Therefore in the above example, you can edit the rules under the heading "outside (# incoming rules)".
Adam - thx for the help. I will have to rethink the use of ASDM for initial config by our techs. We have standardized templates that they copy/paste into the CLI. The ASDM is nice, but it tends to hide too much and to me at least makes it difficult to config the device the way I need to.
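An added example, not written by any poster in this thread: a Python script that reads ASA running-config text and reports, for each named ACL, the interface and direction heading in the style quoted above ("outside (# incoming rules)"), so template names can be matched to what the Security Policy page shows. The sample config, the function names, the "outgoing" wording and the rule count (one per permit/deny line) are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample config (not from the thread); documentation address ranges.
SAMPLE_CONFIG = """\
access-list AllowInbound remark standard inbound template
access-list AllowInbound extended permit tcp any host 192.0.2.10 eq 443
access-list AllowInbound extended permit tcp any host 192.0.2.11 eq 25
access-list InsideOut extended permit ip 10.0.0.0 255.255.255.0 any
access-list SplitTunnel standard permit 10.0.0.0 255.255.255.0
access-group AllowInbound in interface outside
access-group InsideOut in interface inside
"""

# Running-config form: the extended/standard keyword is always present;
# remark lines do not match and are not counted as rules.
ACE = re.compile(r"^access-list\s+(\S+)\s+(extended|standard)\s+(permit|deny)\b")
GROUP = re.compile(r"^access-group\s+(\S+)\s+(in|out)\s+interface\s+(\S+)")

def map_acls(config):
    """Return {acl_name: {"rules": n, "bindings": [(interface, direction)]}}."""
    acls = defaultdict(lambda: {"rules": 0, "bindings": []})
    for line in config.splitlines():
        line = line.strip()
        m = ACE.match(line)
        if m:
            acls[m.group(1)]["rules"] += 1
            continue
        m = GROUP.match(line)
        if m:
            name, direction, iface = m.groups()
            acls[name]["bindings"].append((iface, direction))
    return dict(acls)

def asdm_headings(config):
    """Map each ACL name to interface/direction headings (assumed wording)."""
    word = {"in": "incoming", "out": "outgoing"}
    return {
        name: [f"{i} ({info['rules']} {word[d]} rules)" for i, d in info["bindings"]]
        for name, info in map_acls(config).items()
    }

if __name__ == "__main__":
    for name, heads in asdm_headings(SAMPLE_CONFIG).items():
        print(name, "->", heads or "not bound to an interface")
```

An ACL with no `access-group` binding, such as one used only for split tunneling, comes back with an empty list, which matches the thread's observation that such ACLs are reached through the ACL Manager rather than the Security Policy page.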