Where to go next, Feature history for extended access lists – Cisco ASA 5505 User Manual


15-7

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 15 Adding an Extended Access List

Where to Go Next

hostname(config)# access-list ACL_IN extended deny tcp host 10.1.1.78 host 209.165.201.16 eq www
hostname(config)# access-list ACL_IN extended deny tcp host 10.1.1.89 host 209.165.201.16 eq www
hostname(config)# access-list ACL_IN extended deny tcp host 10.1.1.4 host 209.165.201.78 eq www
hostname(config)# access-list ACL_IN extended deny tcp host 10.1.1.78 host 209.165.201.78 eq www
hostname(config)# access-list ACL_IN extended deny tcp host 10.1.1.89 host 209.165.201.78 eq www
hostname(config)# access-list ACL_IN extended permit ip any any
hostname(config)# access-group ACL_IN in interface inside

If you create two network object groups, one for the inside hosts and one for the web servers, the
configuration is simplified and can easily be modified to add more hosts:

hostname(config)# object-group network denied
hostname(config-network)# network-object host 10.1.1.4
hostname(config-network)# network-object host 10.1.1.78
hostname(config-network)# network-object host 10.1.1.89
hostname(config-network)# object-group network web
hostname(config-network)# network-object host 209.165.201.29
hostname(config-network)# network-object host 209.165.201.16
hostname(config-network)# network-object host 209.165.201.78
hostname(config-network)# access-list ACL_IN extended deny tcp object-group denied object-group web eq www
hostname(config)# access-list ACL_IN extended permit ip any any
hostname(config)# access-group ACL_IN in interface inside
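As an added illustration (not the manual's own code), the Python below models the object-group ACE as the cross product of its two groups, expands it into the nine host-to-host ACEs that the flat configuration spells out one by one, and evaluates a flow against the list with first-match semantics. Group names and addresses are taken from the page; the data model and functions are assumptions made for this example.

```python
from itertools import product

# Network object groups, copied from the page's object-group example.
GROUPS = {
    "denied": ["10.1.1.4", "10.1.1.78", "10.1.1.89"],
    "web": ["209.165.201.29", "209.165.201.16", "209.165.201.78"],
}

# ACL_IN as (action, protocol, source, destination, destination port or None).
ACL_IN = [
    ("deny", "tcp", "object-group denied", "object-group web", 80),  # eq www
    ("permit", "ip", "any", "any", None),
]

def expand(spec, groups):
    """Resolve 'any', 'host A.B.C.D' or 'object-group NAME' to a list of addresses."""
    kind, _, arg = spec.partition(" ")
    if kind == "any":
        return ["any"]
    if kind == "host":
        return [arg]
    if kind == "object-group":
        return groups[arg]
    raise ValueError(f"unsupported address specification: {spec}")

def flatten(acl, groups):
    """Expand each ACE into the host-to-host ACEs it stands for: one ACE per
    (source, destination) pair, i.e. the cross product of the two groups."""
    return [(action, proto, s, d, port)
            for action, proto, src, dst, port in acl
            for s, d in product(expand(src, groups), expand(dst, groups))]

def render(ace):
    """Format an expanded ACE in the access-list extended syntax shown on the page."""
    action, proto, src, dst, port = ace
    host = lambda a: a if a == "any" else f"host {a}"
    line = f"access-list ACL_IN extended {action} {proto} {host(src)} {host(dst)}"
    return line + (" eq www" if port == 80 else "")

def lookup(acl, groups, proto, src, dst, dport):
    """First-match evaluation of a flow; an ASA access list ends in an implicit deny."""
    for action, aproto, asrc, adst, aport in flatten(acl, groups):
        if (aproto in ("ip", proto) and asrc in ("any", src)
                and adst in ("any", dst) and aport in (None, dport)):
            return action
    return "deny"

if __name__ == "__main__":
    for ace in flatten(ACL_IN, GROUPS):
        print(render(ace))  # the nine deny lines, then permit ip any any
```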

Where to Go Next

Apply the access list to an interface. See the “Configuring Access Rules” section on page 34-7 for more information.

Feature History for Extended Access Lists

Table 15-2 lists each feature change and the platform release in which it was implemented.

Table 15-2 Feature History for Extended Access Lists

Feature Name: Extended access lists

Releases: 7.0(1)

Feature Information: Access lists are used to control network access or to specify traffic for many features to act upon. An extended access control list is made up of one or more access control entries (ACEs) in which you can specify the line number at which to insert the ACE, the source and destination addresses, and, depending on the ACE type, the protocol, the ports (for TCP or UDP), or the ICMP type (for ICMP).

We introduced the following command: access-list extended.
