Cisco ASA 5505 Configuration Manual page 339

Asa 5500 series

Chapter 16
Adding a Webtype ACL

Note: Smart tunnel ACEs filter on a per-server basis only, so you cannot create smart tunnel ACEs to permit or deny access to directories or to permit or deny access to specific smart tunnel-enabled applications.

To configure a webtype ACL, perform the following steps:

Step 1  Choose Configuration > Remote Access VPN > Clientless SSL VPN Access > Advanced > Web ACLs.

Step 2  Click Add, and choose one of the following ACL types to add:
  - Add ACL
  - Add IPv6 ACL
  The Add ACL dialog box appears.

Step 3  Enter a name for the ACL (with no spaces), and click OK.

Step 4  To add an entry to the list that you just created, click Add, and choose Add ACE from the drop-down list.

Step 5  In the Action field, click the radio button next to the desired action:
  - Permit—Permits access if the conditions are matched.
  - Deny—Denies access if the conditions are matched.
  Note: The end of every ACL has an implicit deny rule.

Step 6  In the filter field, you can either filter on a URL or filter on an address and service.
  a. To filter on a URL, choose the URL prefix from the drop-down list, and enter the URL.
     Wildcard characters can be used in the URL field:
     - An asterisk * matches none or any number of characters.
     - A question mark ? matches any one character exactly.
     - Square brackets [] are range operators, matching any character in the range. For example, to match both http://www.cisco.com:80/ and http://www.cisco.com:81/, enter the following:
       http://www.cisco.com:8[01]/
  b. To filter on an address and service, click the Filter address and service radio button, and enter the appropriate values.
     Wildcard characters can be used with regular expressions in the address field:
     - An asterisk * matches none or any number of characters.
     - A question mark ? matches any one character exactly.
     - Square brackets [] are range operators, matching any character in the range. For example, to permit a range of IP addresses from 10.2.2.20 through 10.2.2.31, enter the following:
       10.2.2.[20-31]
  You can also browse for the address and service by clicking the browse buttons at the end of the fields.

Step 7  (Optional) Logging is enabled by default. You can disable logging by unchecking the check box, or you can change the logging level from the drop-down list. The default logging level is Informational.

For more information about logging options, see the Log Options section on page 21-29.

Cisco ASA 5500 Series Configuration Guide using ASDM
Using Webtype ACLs
OL-20339-01
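The URL-field wildcard rules from Step 6a and the implicit deny noted under Step 5, modelled as an added example (not code from the Cisco guide, and not the ASA's own matcher). It assumes top-down, first-match evaluation and that a pattern must match the whole URL; the example.com entries are constructed, and the address field of Step 6b is not modelled.

```python
import re

def compile_url_pattern(pattern):
    """Translate a URL filter pattern into a regex (simplified model).

    Wildcards as listed in Step 6a: * = none or any number of characters,
    ? = exactly one character, [..] = one character from the set or range.
    """
    out, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "*":
            out.append(".*")
        elif ch == "?":
            out.append(".")
        elif ch == "[":
            end = pattern.find("]", i + 1)
            if end <= i + 1:
                raise ValueError("empty or unclosed [] in " + repr(pattern))
            # Keep '-' as the range operator, escape everything else.
            body = re.escape(pattern[i + 1:end]).replace("\\-", "-")
            out.append("[" + body + "]")
            i = end
        else:
            out.append(re.escape(ch))
        i += 1
    return re.compile("".join(out), re.DOTALL)

def evaluate(acl, url):
    """Return (action, matched_pattern) for url; the first matching ACE wins.

    Assumption of this model: a pattern must match the whole URL.
    """
    for action, pattern in acl:
        if compile_url_pattern(pattern).fullmatch(url):
            return action, pattern
    return "deny", "implicit deny"  # the end of every ACL denies

# Constructed sample ACL; only the www.cisco.com pattern is from the page.
SAMPLE_ACL = [
    ("deny", "https://wiki.example.com/private/*"),
    ("permit", "https://wiki.example.com/*"),
    ("permit", "http://www.cisco.com:8[01]/"),
    ("permit", "https://app?.example.com/*"),
]

if __name__ == "__main__":
    for url in ("http://www.cisco.com:81/", "http://www.cisco.com:82/",
                "https://wiki.example.com/private/hr.html",
                "https://app10.example.com/"):
        print(url, "->", evaluate(SAMPLE_ACL, url))
```

Running candidate URLs through a model like this before entering the ACEs shows which entry decides each request and which requests fall through to the implicit deny; swapping the first two entries makes the broad permit shadow the deny.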


This manual is also suitable for: ASA 5510, ASA 5540, ASA 5520, ASA 5550, ASA 5580
