Access control lists (ACLs)

Details: Written by: Meena; Category: Cybersecurity PRISM

Access control lists (ACLs) are used by many different features. When applied to interfaces or globally as access rules, they permit or deny traffic that flows through the appliance. For other features, the ACL selects the traffic to which the feature will apply, performing a matching service rather than a control service.

Access control lists (ACLs) identify traffic flows by one or more characteristics, including source and destination IP address, IP protocol, ports, EtherType, and other parameters, depending on the type of ACL.

The Cisco ASA supports five different types of ACLs to provide a flexible and scalable solution to filter unauthorized packets into the network:

1. Standard ACLs

Standard ACLs identify traffic by destination address only. There are few features that use them: route maps and VPN filters. Because VPN filters also allow extended access lists, limit standard ACL use to route maps.

2. Extended ACLs

Extended ACLs are the main type that you will use. These ACLs are used for access rules to permit and deny traffic through the device, and for traffic matching by many features, including service policies, AAA rules, WCCP, Botnet Traffic Filter, and VPN group and DAP policies.

3. IPv6 ACLs

An IPv6 ACL functions similarly to an extended ACL. However, it identifies only IPv6 traffic passing through a security appliance.

4. EtherType ACLs

EtherType ACLs apply to non-IP layer-2 traffic on bridge group member interfaces only. You can use these rules to permit or drop traffic based on the EtherType value in the layer-2 packet. With EtherType ACLs, you can control the flow of non-IP traffic across the device.

5. Webtype ACLs

Webtype ACLs are used for filtering clientless SSL VPN traffic. These ACLs can deny access based on URLs or destination addresses.

This Article Was Written & published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.

Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...

She is so obsessed with Cybersecurity domain that she is going out of her way and sharing hugely valuable posts and writings about Cybersecurity on website, and social media platforms.

34,000+ professionals are following her on Facebook and mesmerized by the quality of content of her posts on Facebook.

If you haven't yet been touched by her enthusiastic work of sharing quality info about Cybersecurity, then you can follow her on Facebook:

Click Here to follow her: Cybersecurity PRISM

IT PANORAMA Business Intelligence Digital Marketing Information Management Application Platform Optimization Information Security	CYBER WARRIOR'S Ethical Hacking Masterclass	CERTIFICATIONS CCNP : Routing & Switching CCNA : Routing & Switching All Cisco Training Boot Camps CCNA CCNP - Project & Assignment Help MCSE : Server Infrastructure MCTS : Microsoft Project 2010 Professional All Microsoft Boot Camps Training
MANAGEMENT CONSULTANCY Leadership Development Lean Six Sigma Certification Training LSS Black Belt Program (On-site) LSS Green Belt Program (On-site)	BLOGS Cybersecurity PRISM IT & Networking Blog Process Management Blog Business Management Blog Education Training Blog	CONTACT US Privacy Policy Terms of Service © 2013 Luminis Consulting Services P Ltd, IN

Guide to Important Sections

IT PANORAMA

CYBER WARRIOR'S

CERTIFICATIONS

MANAGEMENT CONSULTANCY

BLOGS

CONTACT US