Cisco ASA Series CLI Configuration Guide
Chapter 1 Adding a Webtype Access Control List
Firewall Mode Guidelines
Supported in routed and transparent firewall mode.
IPv6 Guidelines
Supports IPv6.
Additional Guidelines and Limitations
The following guidelines and limitations apply to Webtype access lists:
• The access-list webtype command is used to configure clientless SSL VPN filtering. The URL
specified may be full or partial (no file specified), may include wildcards for the server, or may
specify a port. See the “Adding Webtype Access Lists with a URL String” section on page 1-3 for
information about using wildcard characters in the URL string.
• Valid protocol identifiers are http, https, cifs, imap4, pop3, and smtp. The URL may also contain the
keyword any to refer to any URL. An asterisk may be used to refer to a subcomponent of a DNS
name.
• Dynamic ACLs have been extended to support IPv6 ACLs. If you configure both an IPv4 ACL and
an IPv6 ACL, they are converted to dynamic ACLs.
• If you use the Access Control Server (ACS), you must configure IPv6 ACLs using the cisco-av-pair
attribute; downloadable ACLs are not supported in the ACS GUI.
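The following Python check is an added example, not part of the Cisco guide. It audits access-list ... webtype ... url entries against the protocol identifiers listed above and reports permits that widen the default deny. The ACL name, the host names, and the review rules for "permit url any" and wildcard entries are assumptions made for illustration.

```python
import re

# Protocol identifiers the guide lists as valid in a webtype URL.
VALID_PROTOCOLS = {"http", "https", "cifs", "imap4", "pop3", "smtp"}

# access-list <name> webtype {permit|deny} url {<url_string>|any} [options]
ENTRY_RE = re.compile(
    r"^access-list\s+(\S+)\s+webtype\s+(permit|deny)\s+url\s+(\S+)", re.I)

def audit_webtype_acl(config_text):
    """Return (line_number, acl_name, finding) for each questionable entry."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # remarks, IP-address entries and unrelated commands
        name, action, url = m.group(1), m.group(2).lower(), m.group(3)
        if url.lower() == "any":
            if action == "permit":
                findings.append((lineno, name,
                                 "permits every URL not denied earlier in the list"))
            continue
        scheme, sep, rest = url.partition("://")
        if not sep:
            findings.append((lineno, name, "no protocol identifier in URL"))
            continue
        # A wildcard in the protocol position is left for manual review.
        if "*" not in scheme and scheme.lower() not in VALID_PROTOCOLS:
            findings.append((lineno, name,
                             f"unsupported protocol identifier '{scheme}'"))
        host = rest.split("/", 1)[0]
        if action == "permit" and "*" in scheme + host:
            findings.append((lineno, name, "wildcard permit; confirm intended scope"))
    return findings

# Constructed sample configuration (ACL name and hosts are illustrative only).
SAMPLE_CONFIG = """\
access-list WEB_FILTER remark Clientless portal filter
access-list WEB_FILTER webtype permit url https://intranet.example.com
access-list WEB_FILTER webtype permit url ftp://files.example.com
access-list WEB_FILTER webtype permit url http://*.example.com:8080/
access-list WEB_FILTER webtype deny url cifs://fs.example.com/share log
access-list WEB_FILTER webtype permit url any
"""

if __name__ == "__main__":
    for lineno, name, finding in audit_webtype_acl(SAMPLE_CONFIG):
        print(f"line {lineno} [{name}]: {finding}")
```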
Default Settings
Table 1-1 lists the default settings for Webtype access list parameters.
Table 1-1 Default Webtype Access List Parameters
Parameters    Default
deny          The ASA denies all packets on the originating interface unless you specifically permit access.
log           Access list logging generates system log message 106023 for denied packets. Deny packets must be present to log denied packets.
Using Webtype Access Lists
This section includes the following topics:
• Task Flow for Configuring Webtype Access Lists
• Adding Webtype Access Lists with a URL String
• Adding Webtype Access Lists with an IP Address
• Adding Remarks to Access Lists
Task Flow for Configuring Webtype Access Lists
Use the following guidelines to create and implement an access list: