Access control lists (ACL) filter traffic for a function. The function can be to deny or permit the traffic, to classify the traffic for network address translation (NAT), or to set the traffic to a particular queue, based on quality of service (QoS). ACLs are used in Cisco IOS and firewalls to filter traffic.
Security rules to permit or deny networks or any users are defined by an ACL on a Firewall Services Module (FWSM). The FWSM does not allow any traffic unless it is specified (this is regardless of the security domain). Following are the uses of the access list in the FWSM:
• Provides network security rule definition: The rules for one security domain to access the other security domain are described using access lists.
• Allows for authentication, authorization, and accounting (AAA) network access:
Access lists are used to define the traffic for the cut-through proxy feature. This feature is covered in Chapter 10, "AAA Overview."
• Allows Virtual Private Network (VPN) access: Defines the host that can access the FWSM through VPN.
• Used in configuring network address translation: Identifies NAT for specific source or destination IP addresses.
• Used in configuring modular QoS: Identifies traffic for modular QoS policies.
• Used in redistribution of routing protocol: Access lists filter subnets that are redistributed between routing protocols.
Understanding the concept of access lists is important to configure various features in the FWSM. Access lists add to the working of important features in the FWSM.
Was this article helpful?