4-13
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 4 Access Rules
History for Access Rules
Unified ACL for IPv4 and IPv6
9.0(1)
ACLs now support IPv4 and IPv6 addresses. You can even
specify a mix of IPv4 and IPv6 addresses for the source and
destination. The
any
keyword was changed to represent
IPv4 and IPv6 traffic. The
any4
and
any6
keywords were
added to represent IPv4-only and IPv6-only traffic,
respectively. The IPv6-specific ACLs are deprecated.
Existing IPv6 ACLs are migrated to extended ACLs. See the
release notes for more information about migration.
We modified the following commands:
access-list
extended
,
access-list webtype
.
We removed the following commands:
ipv6 access-list
,
ipv6 access-list webtype
,
ipv6-vpn-filter
Extended ACL and object enhancement to filter
ICMP traffic by ICMP code
9.0(1)
ICMP traffic can now be permitted/denied based on ICMP
code.
We introduced or modified the following commands:
access-list
extended, service-object, service
.
Transactional Commit Model on Access Group
Rule Engine
9.1(5)
When enabled, a rule update is applied after the rule
compilation is completed; without affecting the rule
matching performance.
We introduced the following commands:
asp rule-engine
transactional-commit
,
show running-config asp
rule-engine transactional-commit
,
clear configure asp
rule-engine transactional-commit
.
Configuration session for editing ACLs and
objects.
Forward referencing of objects and ACLs in
access rules.
9.3(2)
You can now edit ACLs and objects in an isolated
configuration session. You can also forward reference
objects and ACLs, that is, configure rules and access groups
for objects or ACLs that do not yet exist.
We introduced the
clear config-session
,
clear session
,
configure session
,
forward-reference
, and
show
config-session
commands.
Feature Name
Platform
Releases
Description
Summary of Contents for ASA 5508-X
Page 11: ...P A R T 1 Access Control ...
Page 12: ......
Page 157: ...P A R T 2 Network Address Translation ...
Page 158: ......
Page 233: ...P A R T 3 Service Policies and Application Inspection ...
Page 234: ......
Page 379: ...P A R T 4 Connection Management and Threat Detection ...
Page 380: ......