Cisco ASA Series CLI Configuration Manual, page 586

Software version 9.0 for the services module

Chapter 1
Adding a Webtype Access Control List

Firewall Mode Guidelines
Supported in routed and transparent firewall mode.

IPv6 Guidelines
Supports IPv6.

Additional Guidelines and Limitations
The following guidelines and limitations apply to Webtype access lists:

The access-list webtype command is used to configure clientless SSL VPN filtering. The URL specified may be full or partial (no file specified), may include wildcards for the server, or may specify a port. See the "Adding Webtype Access Lists with a URL String" section on page 1-3 for information about using wildcard characters in the URL string.

Valid protocol identifiers are http, https, cifs, imap4, pop3, and smtp. The URL may also contain the keyword any to refer to any URL. An asterisk may be used to refer to a subcomponent of a DNS name.

Dynamic ACLs have been extended to support IPv6 ACLs. If you configure both an IPv4 ACL and an IPv6 ACL, they are converted to dynamic ACLs.

If you use the Access Control Server (ACS), you must configure IPv6 ACLs using the cisco-av-pair attribute; downloadable ACLs are not supported in the ACS GUI.

Default Settings
Table 1-1 lists the default settings for Webtype access lists parameters.

Table 1-1 Default Webtype Access List Parameters
Parameters    Default
deny          The ASA denies all packets on the originating interface unless you specifically permit access.
log           Access list logging generates system log message 106023 for denied packets. Deny packets must be present to log denied packets.

Using Webtype Access Lists
This section includes the following topics:
Task Flow for Configuring Webtype Access Lists, page 1-2
Adding Webtype Access Lists with a URL String, page 1-3
Adding Webtype Access Lists with an IP Address, page 1-4
Adding Remarks to Access Lists, page 1-5

Task Flow for Configuring Webtype Access Lists
Use the following guidelines to create and implement an access list:

Cisco ASA Series CLI Configuration Guide
1-2
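
The URL forms listed in the guidelines and the deny and log defaults from Table 1-1, shown as a configuration sketch. This is an added example, not part of the Cisco guide; the ACL name WEBVPN-FILTER, the group policy name CLIENTLESS-GP and all hostnames are constructed placeholders, and attaching the list with filter value under the group policy's webvpn attributes is an assumption about how the list is applied, since this page does not cover that step.

```cisco
! Constructed example: names and hosts below are placeholders.

! Full URL, with a file specified
access-list WEBVPN-FILTER webtype permit url https://intranet.example.com/hr/index.html

! Partial URL (no file specified) that also specifies a port
access-list WEBVPN-FILTER webtype permit url http://wiki.example.com:8080

! Asterisk standing in for a subcomponent of the DNS name
access-list WEBVPN-FILTER webtype permit url https://*.eng.example.com

! A non-HTTP protocol identifier from the valid list (cifs)
access-list WEBVPN-FILTER webtype permit url cifs://fileserver.example.com/shared

! Everything else is denied by default (Table 1-1), but the table also notes
! that deny entries must be present for denied traffic to be logged, so the
! catch-all is written out explicitly with the log keyword.
access-list WEBVPN-FILTER webtype deny url any log

! Assumption: the list is attached to clientless SSL VPN sessions through an
! existing group policy (CLIENTLESS-GP is a placeholder name).
group-policy CLIENTLESS-GP attributes
 webvpn
  filter value WEBVPN-FILTER
```

Entries are evaluated in order, so the explicit deny belongs last; placing it earlier would shadow the permit entries below it.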
