CiscoASA

Header Format

The ciscoasa header designation has the following format:

targets:
    ciscoasa: [filter name]

Term Format

  • For common keys, see common.md.

  • destination-exclude: Exclude one or more address tokens from the specified destination-address.

  • logging: Specify that this packet should be logged via syslog.
  • owner: Owner of the term, used for organizational purposes.
  • source-exclude: Exclude one or more address tokens from the specified source-address.
  • verbatim: Specifies that the text enclosed within quotes should be rendered into the output without interpretation or modification. This is sometimes used as a temporary workaround while new required features are being added.

Sub Tokens

Actions

  • accept
  • deny
  • next
  • reject
  • reject-with-tcp-rst

Option

  • established: Only match established connections. Implements tcp-established for tcp and, for udp, sets the destination port to 1024-65535 if no destination port is defined.
  • tcp-established: Only match established tcp connections, based on stateful match or TCP flags. Not supported for other protocols.
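
A policy sketch that combines the header format with the term keys and options listed above. It is an added example, not taken from the project's documentation. The filter name, term names, owner value and the network and service tokens (INTERNAL_NET, PARTNER_NET, PARTNER_GUEST, DMZ_WEB, DMZ_MGMT, HTTPS) are hypothetical and must exist in your own definitions; the address, protocol and port keys are the common keys described in common.md.

```yaml
# Added example; every name below is an assumption, not a project default.
filters:
  - header:
      comment: Inbound filter for a hypothetical edge ASA
      targets:
        ciscoasa: edge-inbound          # [filter name]
    terms:
      # Return traffic for TCP sessions opened from the inside.
      - name: allow-return-tcp
        owner: netsec-team              # organizational only
        protocol: tcp
        destination-address: INTERNAL_NET
        option: tcp-established         # tcp only
        action: accept

      # Return traffic for UDP. No destination-port is given, so
      # `established` restricts the destination port to 1024-65535.
      - name: allow-return-udp
        protocol: udp
        destination-address: INTERNAL_NET
        option: established
        action: accept

      # Partner access to the DMZ web tier, carving the guest range out of
      # the source and the management range out of the destination.
      - name: allow-partner-https
        protocol: tcp
        source-address: PARTNER_NET
        source-exclude: PARTNER_GUEST
        destination-address: DMZ_WEB
        destination-exclude: DMZ_MGMT
        destination-port: HTTPS
        logging: true                   # logged via syslog
        action: accept

      # Explicit, logged default deny so dropped traffic is visible.
      - name: default-deny
        logging: true
        action: deny
```

Review the rendered ACL before deploying it: confirm that the exclude terms removed the intended ranges and that the UDP return rule carries the 1024-65535 port range rather than matching all ports.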