Adding webtype access lists with an ip address – Cisco ASA 5505 User Manual


Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 18 Adding a Webtype Access List

Using Webtype Access Lists

Adding Webtype Access Lists with an IP Address

To add an access list to the configuration that supports filtering for clientless SSL VPN, enter the following command:

Command

access-list access_list_name webtype {deny | permit} tcp [host ip_address | ip_address subnet_mask | any] [oper port[port]] [log[[disable | default] | level] interval secs][time_range name]]

Example:

hostname(config)# access-list acl_company webtype permit tcp any

Purpose

Adds an access list to the configuration that supports filtering for
WebVPN.

The access_list_name argument specifies the name or number of an access
list.

The any keyword specifies all IP addresses.

The deny keyword denies access if the conditions are matched.

The host ip_address option specifies a host IP address.

The interval option specifies the time interval at which to generate system
log message 106100; valid values are from 1 to 600 seconds.

The ip_address ip_mask option specifies a specific IP address and subnet
mask.

The log [[disable | default]| level] option specifies that system log message
106100 is generated for the ACE. When the log optional keyword is
specified, the default level for system log message 106100 is 6
(informational). See the log command for more information.

The permit keyword permits access if the conditions are matched.

The port option specifies the decimal number or name of a TCP or UDP
port.

The time_range name option specifies a keyword for attaching the
time-range option to this access list element.

To remove an access list, use the no form of this command with the
complete syntax string as it appears in the configuration.
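
The following is an added example, not part of the Cisco guide: a small Python audit that parses webtype ACEs in the IP-address form documented above and flags entries a reviewer would question (permit to any address with no port restriction, no system log message 106100, interval outside 1 to 600 seconds). The operator names, the sample lines, and the function names are assumptions made for illustration; the time_range spelling follows this page.

```python
OPERS = {"lt": 1, "gt": 1, "eq": 1, "neq": 1, "range": 2}  # assumed "oper" values -> port count

# Constructed sample configuration, not taken from a real device.
SAMPLE_CONFIG = """\
access-list acl_company webtype permit tcp any
access-list acl_company webtype permit tcp host 10.0.0.5 eq 443 log
access-list acl_company webtype deny tcp 10.0.1.0 255.255.255.0 range 1 1023 log 4 interval 900
access-list acl_other extended permit ip any any
"""

def parse_webtype_ace(line):
    """Return a dict for an IP-address webtype ACE, or None for any other line."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[2] != "webtype" or tok[4] != "tcp":
        return None
    ace = {"name": tok[1], "action": tok[3], "address": "any", "ports": None,
           "log": False, "level": None, "interval": None, "time_range": None}
    i = 6
    if tok[5] != "any":                      # "host ip" or "ip mask": two tokens
        ace["address"], i = " ".join(tok[5:7]), 7
    if i < len(tok) and tok[i] in OPERS:     # oper port [port]
        end = i + 1 + OPERS[tok[i]]
        ace["ports"], i = tok[i:end], end
    while i < len(tok):
        if tok[i] == "log":
            ace["log"], i = True, i + 1
            if i < len(tok) and tok[i] not in ("interval", "time_range"):
                ace["level"], i = tok[i], i + 1
                ace["log"] = ace["level"] != "disable"   # "log disable" turns logging off
        elif tok[i] in ("interval", "time_range") and i + 1 < len(tok):
            ace[tok[i]] = tok[i + 1]
            i += 2
        else:
            raise ValueError(f"unexpected token {tok[i]!r} in: {line}")
    return ace

def audit(config):
    """Return (line_number, finding) pairs for ACEs a reviewer should look at."""
    findings = []
    for n, line in enumerate(config.splitlines(), 1):
        if (ace := parse_webtype_ace(line)) is None:
            continue
        if ace["action"] == "permit" and ace["address"] == "any" and not ace["ports"]:
            findings.append((n, "permits every TCP address and port"))
        if not ace["log"]:
            findings.append((n, "no syslog 106100 for matches"))
        if ace["interval"] and not 1 <= int(ace["interval"]) <= 600:
            findings.append((n, "log interval outside 1-600 seconds"))
    return findings
```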
