Default settings, Using webtype access lists, Task flow for configuring webtype access lists – Cisco ASA 5505 User Manual

18-2

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 18 Adding a Webtype Access List

Firewall Mode Guidelines

Supported in routed and transparent firewall mode.

IPv6 Guidelines

Supports IPv6.

Additional Guidelines and Limitations

The following guidelines and limitations apply to Webtype access lists:

The access-list webtype command is used to configure clientless SSL VPN filtering. The URL specified may be full or partial (no file specified), may include wildcards for the server, or may specify a port. See the “Adding Webtype Access Lists with a URL String” section on page 18-3 for information about using wildcard characters in the URL string.

Valid protocol identifiers are http, https, cifs, imap4, pop3, and smtp. The URL may also contain the keyword any to refer to any URL. An asterisk may be used to refer to a subcomponent of a DNS name.

Default Settings

Table 18-1 lists the default settings for Webtype access list parameters.

Using Webtype Access Lists

This section includes the following topics:

Task Flow for Configuring Webtype Access Lists, page 18-2

Adding Webtype Access Lists with a URL String, page 18-3

Adding Webtype Access Lists with an IP Address, page 18-4

Adding Remarks to Access Lists, page 18-5

Task Flow for Configuring Webtype Access Lists

Use the following guidelines to create and implement an access list:

Step 1  Create an access list by adding an ACE and applying an access list name. See the “Using Webtype Access Lists” section on page 18-2.

Step 2  Apply the access list to an interface. See the “Configuring Access Rules” section on page 34-7 for more information.

Table 18-1    Default Webtype Access List Parameters

Parameters    Default

deny          The ASA denies all packets on the originating interface unless you specifically permit access.

log           Access list logging generates system log message 106023 for denied packets. Deny packets must be present to log denied packets.
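As an added illustration (not Cisco code, and not the ASA's actual matching implementation), the following Python model applies the ACE grammar from the guidelines above and the defaults in Table 18-1 to constructed requests. The wildcard, default-port and partial-URL rules in url_matches, the ACL name CLIENTLESS_FILTER and the example.com hosts are assumptions, not documented behaviour.

```python
import re
from urllib.parse import urlsplit

# Protocol identifiers the guide lists as valid, with assumed default ports for port comparison.
PROTOCOLS = {"http": 80, "https": 443, "cifs": 445, "imap4": 143, "pop3": 110, "smtp": 25}

# Constructed sample access list in the documented 'access-list NAME webtype ...' form.
WEBTYPE_ACL = [
    "access-list CLIENTLESS_FILTER webtype permit url https://*.example.com",
    "access-list CLIENTLESS_FILTER webtype permit url cifs://fileserver.example.com/public",
    "access-list CLIENTLESS_FILTER webtype deny url any",
]

ACE_RE = re.compile(r"access-list\s+(\S+)\s+webtype\s+(permit|deny)\s+url\s+(\S+)")

def parse_ace(line):
    """Return (name, action, url) for one webtype ACE; reject unknown protocol identifiers."""
    m = ACE_RE.fullmatch(line.strip())
    if not m:
        raise ValueError(f"not a webtype ACE: {line!r}")
    name, action, url = m.groups()
    if url != "any" and urlsplit(url).scheme not in PROTOCOLS:
        raise ValueError(f"invalid protocol identifier in {url!r}")
    return name, action, url

def url_matches(pattern, url):
    """Assumed matching rules: '*' stands for one DNS label, a missing port means the
    protocol default, and a pattern with no file (partial URL) is a path prefix match."""
    if pattern == "any":
        return True
    p, u = urlsplit(pattern), urlsplit(url)
    if p.scheme != u.scheme:
        return False
    host_re = re.escape(p.hostname or "").replace(r"\*", r"[^.]+")
    if not re.fullmatch(host_re, u.hostname or ""):
        return False
    if (p.port or PROTOCOLS[p.scheme]) != (u.port or PROTOCOLS[u.scheme]):
        return False
    return u.path.startswith(p.path)  # an empty pattern path matches every path

def evaluate(acl_lines, request_url):
    """First matching ACE decides; with no match the ASA default (Table 18-1) is deny."""
    for line in acl_lines:
        _, action, pattern = parse_ace(line)
        if url_matches(pattern, request_url):
            return action
    return "deny"

def syslog_id(action):
    """Default logging: system log message 106023 for denied packets, none for permitted."""
    return "106023" if action == "deny" else None
```

Dropping the final deny-any ACE (WEBTYPE_ACL[:2]) still denies unmatched requests, which is the implicit default the table describes.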
