6-83
User
Guide

for

the

Cisco

Application

Networking

Manager

5.2
OL-26572-01
Chapter
6






Configuring

Virtual

Contexts
Configuring
Security

with

ACLs
Step
4
In
the

ACL

Properties

pane,
do
the
following:
a.
Enter
the

ACL

name.
b.
For
t

he
ACL
t

ype,

choose
Extended.
c.
For
t

he
IP
address

t

ype,

choose

ei

ther
IPv4
or

IPv6.

This

field

appears

only

for

ACE

module

and
ACE
appliance

software

Version

A5(1.0)

or

later,

which

supports

IPv4

and

IPv6.
d.
(Optional)
In
the
Remark

text
box,
enter
comments

that

you
want
to
include
for
this

ACL.

Valid
entries
are

unquoted

text

strings

with

a

maximum

of

100

characters.

You

can

enter

leading

spaces

at
the
beginning

of

the

t

ext

or

spe

cial

characters.

Trailing

spaces

ar

e

i

gnored.
Step
5
Configure
extended
ACL
entries

using
the
information

in
Ta
b

l

e
6-19
.
Note
Fields
and

information

related

to
IPv6
require
ACE
module
and
ACE

appliance
software
Version
A5(1.0)
or

later.
Ta
b

l

e


6-19
Extended
ACL

Configuration

Options
Field
Description
Entry
Attributes
Line
Number
Number
that

specifies

the

position

of

this

entry

in

the

ACL.

The

position

of

an

entry

affects
the
lookup

order

of

the

entries

in

an

ACL.

To

change

the

sequence

of

existing

extended

ACLs,
see
the

“Resequencing

Extended

ACLs”

section

on

page

6-87 .
Action
Action
to

be

taken:

Permit

or

Deny.
Service
Object

Group
Option
that

is

not

applicable

to

ACE

modules

running

3.0(0)A1(x)

and

ACE

4710

appliances
running
image

A1(x).
Choose
a

se

rvice

object

group

to

apply

t

o

this

ACL.
Protocol
Protocol
or

pro

tocol

number

to

apply

to

this

ACL

ent

ry.

Ta

b

l

e
6-20
lists

common

protocol
names
and

numbers.
ICMP
Type
This
field

appears

only

when

the

selected

protocol

type

is

ICMP.

Choose

the

ICMP

type.
Ta
b

l

e


6-23

lists

common

ICMP

types

and

numbers.

Ta

b

l

e


6-24

lists

common

ICMPv6

types
and
numbers.
ICMP
Message

Code
Operator
This
field

appears

only

when

the

selected

protocol

type

is

ICMP.

Choose

one

of

the

following
operands
to

use

when

comparing

message

codes

for

this

service

object:


Equal
To—The

message

code
must
be

the
same
as
the

number

in

the

Message
Code
field.


Greater
Than—The

message

code

must

be

greater

than

the

number

in

the

Message

Code
fi
el

d.


Less
Than—The

message

code

must

be

less

than

the

number

in

the
Message
Code

field.


Not
Equal

To—The

message

code

must

not

equal

the

number

in

the

Message

Code

field.


Range—The
message
code
must

be
within

the

range

of

codes

specified

by

the
Min.
Message
Code

field

and

the

Max.

Message

Code

field.
ICMP
Message

Code
This
field

appears

only

when

the

selected

protocol

type

is

ICMP

and

the

ICMP

Message

Code
Operator
is

set

to

one

of

the

following:

Equal

To,

Greater

Than,

Less

Than,

or

Not

Equal

To.
Enter
the

ICMP

message

code

for

this

service

object.