Adding A Webtype Access List; Simplifying Access Lists With Object Grouping; How Object Grouping Works - Cisco PIX 500 Series Configuration Manual

Security appliance command line

Chapter 16
Identifying Traffic with Access Lists
To add an ACE, enter the following command:
hostname(config)# access-list access_list_name standard {deny | permit} {any | ip_address mask}
The following sample access list identifies routes to 192.168.1.0/24:
hostname(config)# access-list OSPF standard permit 192.168.1.0 255.255.255.0

Adding a Webtype Access List

To add an access list to the configuration that supports filtering for WebVPN, enter the following command:
hostname(config)# access-list access_list_name webtype {deny | permit} url [url_string | any]
For information about logging options that you can add to the end of the ACE, see the "Logging Access List Activity" section on page 16-19.

Simplifying Access Lists with Object Grouping

This section describes how to use object grouping to simplify access list creation and maintenance.
This section includes the following topics:
- How Object Grouping Works, page 16-11
- Adding Object Groups, page 16-12
- Nesting Object Groups, page 16-15
- Displaying Object Groups, page 16-17
- Removing Object Groups, page 16-17
- Using Object Groups with an Access List, page 16-16

How Object Grouping Works

By grouping like-objects together, you can use the object group in an ACE instead of having to enter an ACE for each object separately. You can create the following types of object groups:
- Protocol
- Network
- Service
- ICMP type

For example, consider the following three object groups:
- MyServices—Includes the TCP and UDP port numbers of the service requests that are allowed access to the internal network
- TrustedHosts—Includes the host and network addresses allowed access to the greatest range of services and servers
- PublicServers—Includes the host addresses of servers to which the greatest access is provided

Cisco Security Appliance Command Line Configuration Guide, OL-12172-03, page 16-11
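Added example (not from the Cisco guide): the Python below expands one ACE written with the three object groups above into the individual ACEs it stands for, which is useful when reviewing how much access a single grouped line grants. The group contents, the nested Admins group, the ACL name ACL_IN and the "protocol port" notation for service members are assumptions made for the illustration; it also follows nested groups, which goes beyond the case described in the text.

```python
from itertools import product

# Constructed sample groups; addresses and ports are illustrative only.
# A member starting with "group-object " nests another group.
# Service members use a simplified "protocol port" notation (assumption).
GROUPS = {
    "Admins": ["host 10.1.1.4", "host 10.1.1.78"],
    "TrustedHosts": ["group-object Admins", "10.1.2.0 255.255.255.0"],
    "PublicServers": ["host 192.0.2.10", "host 192.0.2.11"],
    "MyServices": ["tcp 80", "tcp 443", "udp 53"],
}


def resolve(name, groups, _seen=()):
    """Flatten a group to its leaf members, following nested groups."""
    if name in _seen:
        raise ValueError("object-group loop: " + " -> ".join(_seen + (name,)))
    if name not in groups:
        raise KeyError(f"undefined object-group: {name}")
    members = []
    for member in groups[name]:
        if member.startswith("group-object "):
            nested = member.split(None, 1)[1]
            members += resolve(nested, groups, _seen + (name,))
        else:
            members.append(member)
    # Drop duplicates that nesting can introduce, keeping first-seen order.
    return list(dict.fromkeys(members))


def expand_ace(acl, action, src_group, dst_group, svc_group, groups=GROUPS):
    """Return the per-object ACEs that one grouped ACE stands for."""
    aces = []
    for src, dst, svc in product(resolve(src_group, groups),
                                 resolve(dst_group, groups),
                                 resolve(svc_group, groups)):
        proto, port = svc.split()
        aces.append(f"access-list {acl} extended {action} "
                    f"{proto} {src} {dst} eq {port}")
    return aces


if __name__ == "__main__":
    rules = expand_ace("ACL_IN", "permit",
                       "TrustedHosts", "PublicServers", "MyServices")
    print(f"1 grouped ACE = {len(rules)} individual ACEs")
    print("\n".join(rules))
```

The number of individual ACEs is the product of the group sizes, so adding one member to any group widens every rule that references it.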


This manual is also suitable for:

ASA 5500 Series
