Adding remarks to access lists, What to do next, Monitoring webtype access lists – Cisco ASA 5505 User Manual

Page 411: Configuration examples for webtype access lists

Advertising
background image

18-5

Cisco ASA 5500 Series Configuration Guide using the CLI

Chapter 18 Adding a Webtype Access List

What to Do Next

Adding Remarks to Access Lists

You can include remarks about entries in any access list, including extended, EtherType, IPv6, standard,
and Webtype access lists. The remarks make the access list easier to understand.

To add a remark after the last access-list command you entered, enter the following command:

Example

You can add a remark before each ACE, and the remarks appear in the access list in these locations.
Entering a dash (-) at the beginning of a remark helps set it apart from an ACE.

hostname(config)# access-list OUT remark - this is the inside admin address

hostname(config)# access-list OUT extended permit ip host 209.168.200.3 any

hostname(config)# access-list OUT remark - this is the hr admin address

hostname(config)# access-list OUT extended permit ip host 209.168.200.4 any

What to Do Next

Apply the access list to an interface. See the

“Configuring Access Rules” section on page 34-7

for more

information.

Monitoring Webtype Access Lists

To monitor webtype access lists, enter the following command:

Configuration Examples for Webtype Access Lists

The following example shows how to deny access to a specific company URL:

hostname(config)# access-list acl_company webtype deny url http://*.example.com

Command

Purpose

access-list

access_list_name remark text

Example:

hostname(config)# access-list OUT remark -

this is the inside admin address

Adds a remark after the last access-list command you entered.

The text can be up to 100 characters in length. You can enter leading spaces
at the beginning of the text. Trailing spaces are ignored.

If you enter the remark before any access-list command, then the remark
is the first line in the access list.

If you delete an access list using the no access-list access_list_name
command, then all the remarks are also removed.

Command

Purpose

show running-config access list

Displays the access-list configuration running on
the ASA.

Advertising