Adding webtype access lists with an ip address – Cisco ASA 5505 User Manual
Page 410
 
18-4
Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 18 Adding a Webtype Access List
Using Webtype Access Lists
Adding Webtype Access Lists with an IP Address
To add an access list to the configuration that supports filtering for clientless SSL VPN, enter the following command:
Command
Purpose
access-list
access_list_name webtype {deny
| permit} tcp [host ip_address |
ip_address subnet_mask | any] [oper
port[port]] [log[[disable | default] |
level] interval secs][time_range name]]
Example:
hostname(config)# access-list acl_company
webtype permit tcp any
Adds an access list to the configuration that supports filtering for 
WebVPN.
The access_list_name argument specifies the name or number of an access 
list.
The any keyword specifies all IP addresses.
The deny keyword denies access if the conditions are matched.
The host ip_address option specifies a host IP address.
The interval option specifies the time interval at which to generate system 
log message 106100; valid values are from 1 to 600 seconds.
The ip_address ip_mask option specifies a specific IP address and subnet 
mask.
The log [[disable | default]| level] option specifies that system log message 
106100 is generated for the ACE. When the log optional keyword is 
specified, the default level for system log message 106100 is 6 
(informational). See the log command for more information.
The permit keyword permits access if the conditions are matched.
The port option specifies the decimal number or name of a TCP or UDP 
port.
The time_range name option specifies a keyword for attaching the 
time-range option to this access list element. 
To remove an access list, use the no form of this command with the 
complete syntax string as it appears in the configuration.