Cisco ASA Series Firewall CLI Configuration Guide (page 3-16)
Chapter 3 Access Control Lists
Configure ACLs
For an explanation of keywords not explained here, see Add a Webtype ACE for URL Matching,
page 3-14. Keywords and arguments specific to this type of ACE include the following:
• tcp—The TCP protocol. Webtype ACLs match TCP traffic only.
• Destination Address—The dest_address_argument specifies the IP address to which the packet is being sent:
  – host ip_address—Specifies an IPv4 host address.
  – dest_ip_address mask—Specifies an IPv4 network address and subnet mask, such as 10.100.10.0 255.255.255.0.
  – ipv6-address/prefix-length—Specifies an IPv6 host or network address and prefix.
  – any, any4, and any6—any specifies both IPv4 and IPv6 traffic; any4 specifies IPv4 traffic only; and any6 specifies IPv6 traffic only.
• operator port—The destination port. If you do not specify ports, all ports are matched. The operator can be one of the following:
  – lt—less than
  – gt—greater than
  – eq—equal to
  – neq—not equal to
  – range—an inclusive range of values. When you use this operator, specify two port numbers, for example:
    range 100 200
  The port can be the integer or name of a TCP port.
Examples for Webtype ACLs
The following example shows how to deny access to a specific company URL:
hostname(config)# access-list acl_company webtype deny url http://*.example.com
The following example shows how to deny access to a specific web page:
hostname(config)# access-list acl_file webtype deny url https://www.example.com/dir/file.html
The following example shows how to deny HTTP access to any URL on a specific server through port 8080:
hostname(config)# access-list acl_company webtype deny url http://my-server:8080/*
The following examples show how to use wildcards in webtype ACLs.
• The following example matches URLs such as http://www.example.com/layouts/1033:
access-list VPN-Group webtype permit url http://www.example.com/*
• The following example matches URLs such as http://www.example.com/ and http://www.example.net/:
access-list test webtype permit url http://www.example.*