Cisco Systems CL-28826-01 Security Camera User Manual


User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 22 Managing Transparent Firewall Rules
Transparent Rules Page
Table 22-2 Add and Edit Transparent Firewall Rule Dialog Boxes (Continued)

Element    Description

Traffic Direction
    The direction of the traffic to which this rule applies:
    - In—Packets entering an interface.
    - Out—Packets exiting an interface.

EtherType
    The hexadecimal code or keyword (for ASA/PIX/FWSM only) that identifies the traffic based on the EtherType value in the packet. Enter or select the following:
    - The hexadecimal EtherType value. For a list of codes, see RFC 1700 at http://www.ietf.org/rfc/rfc1700.txt and search for "Ether Type."
        - IOS devices—You can enter any value from 0x0000 to 0xFFFF.
        - ASA/PIX/FWSM devices—The value must be 0x0600 or higher.
    - For ASA/PIX/FWSM devices, you can also select these keywords:
        - bpdu—Spanning Tree Bridge Protocol Data Units
        - ipx—Internet Packet Exchange
        - mpls-unicast—Multi-Protocol Label Switching, unicast.
        - mpls-multicast—MPLS multicast.
        - isis
        - any—Any packet regardless of EtherType.
    Tip: The keyword "isis" in the list above refers to IS-IS pass-through support, which is new in Security Manager 4.4. "IS-IS pass-through support" means that IS-IS traffic can flow through the ASA in transparent mode.

Wildcard Mask (IOS)
    The mask is a 16-bit hexadecimal number that determines how the EtherType code is interpreted.
    A mask of 0xFFFF indicates the EtherType is literal. Any other mask indicates the corresponding bits in the EtherType to ignore. You must convert the hexadecimal number to binary to fully interpret the mask (binary 1 means interpret the corresponding EtherType value literally, 0 means allow any value at that position).

Category
    The category assigned to the rule. Categories help you organize and identify rules and objects. See Using Category Objects, page 6-12.

Description
    An optional description of the rule (up to 1024 characters).
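
The wildcard-mask interpretation described in the Wildcard Mask (IOS) row, together with the per-platform EtherType ranges from the EtherType row, as an added example that is not part of the Cisco guide. The function names, the table of well-known EtherTypes and the sample rules are constructed for illustration.

```python
# Added example: EtherType/wildcard-mask semantics as this table states them
# (mask bit 1 = compare that bit literally, mask bit 0 = accept any value).
# Function names and the sample rules are constructed for illustration.

ASA_MIN_ETHERTYPE = 0x0600  # lower bound the table gives for ASA/PIX/FWSM
WELL_KNOWN = {0x0800: "IPv4", 0x0806: "ARP", 0x86DD: "IPv6",
              0x8847: "MPLS unicast", 0x8848: "MPLS multicast"}


def validate_ethertype(value, platform):
    """Enforce the per-platform ranges listed in the EtherType row."""
    if not 0x0000 <= value <= 0xFFFF:
        raise ValueError(f"{value:#x} is not a 16-bit value")
    if platform in ("asa", "pix", "fwsm") and value < ASA_MIN_ETHERTYPE:
        raise ValueError(f"{value:#06x} is below 0x0600 on {platform}")


def rule_matches(ethertype, mask, packet_ethertype):
    """True if the packet's EtherType equals the rule's on every mask=1 bit."""
    return (packet_ethertype & mask) == (ethertype & mask)


def bit_pattern(ethertype, mask):
    """Binary view of the rule: literal bits shown, ignored bits as 'x'."""
    return "".join(
        str(ethertype >> i & 1) if mask >> i & 1 else "x"
        for i in range(15, -1, -1))


def audit_rule(ethertype, mask):
    """Summarise how broad an IOS rule is and which well-known types it covers."""
    validate_ethertype(ethertype, "ios")
    validate_ethertype(mask, "ios")  # the mask is also a 16-bit value
    ignored_bits = 16 - bin(mask).count("1")
    return {
        "pattern": bit_pattern(ethertype, mask),
        "matched_values": 1 << ignored_bits,
        "covers": sorted(name for code, name in WELL_KNOWN.items()
                         if rule_matches(ethertype, mask, code)),
    }


if __name__ == "__main__":
    for code, mask in [(0x0800, 0xFFFF), (0x0800, 0xFFF0), (0x8847, 0xFFF0)]:
        print(f"{code:#06x}/{mask:#06x}", audit_rule(code, mask))
```

A mask that ignores only the low four bits turns an IPv4-only rule into one that also covers ARP, which is the kind of breadth worth checking when reviewing a rule.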