EasyManuals Logo

Cisco ASA 5506-X Configuration Guide

Cisco ASA 5506-X
428 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #40 background imageLoading...
Page #40 background image
3-16
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 3 Access Control Lists
Configure ACLs
For an explanation of keywords not explained here, see Add a Webtype ACE for URL Matching,
page 3-14. Keywords and arguments specific to this type of ACE include the following:
tcp—The TCP protocol. Webtype ACLs match TCP traffic only.
Destination Address—The dest_address_argument specifies the IP address to which the packet is
being sent:
host ip_address—Specifies an IPv4 host address.
dest_ip_address mask—Specifies an IPv4 network address and subnet mask, such as
10.100.10.0 255.255.255.0.
ipv6-address/prefix-length—Specifies an IPv6 host or network address and prefix.
any, any4, and any6any specifies both IPv4 and IPv6 traffic; any4 specifies IPv4 traffic only;
and any6 specifies IPv6 traffic only.
operator port—The destination port. If you do not specify ports, all ports are matched. The operator
can be one of the following:
lt—less than
gt—greater than
eq—equal to
neq—not equal to
range—an inclusive range of values. When you use this operator, specify two port numbers, for
example:
range 100 200
The port can be the integer or name of a TCP port.
Examples for Webtype ACLs
The following example shows how to deny access to a specific company URL:
hostname(config)# access-list acl_company webtype deny url http://*.example.com
The following example shows how to deny access to a specific web page:
hostname(config)# access-list acl_file webtype deny url
https://www.example.com/dir/file.html
The following example shows how to deny HTTP access to any URL on a specific server through port
8080:
hostname(config)# access-list acl_company webtype deny url http://my-server:8080/*
The following examples show how to use wildcards in webtype ACLs.
The following example matches URLs such as http://www.example.com/layouts/1033:
access-list VPN-Group webtype permit url http://www.example.com/*
The following example matches URLs such as http://www.example.com/ and
http://www.example.net/:
access-list test webtype permit url http://www.example.*

Table of Contents

Other manuals for Cisco ASA 5506-X

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the Cisco ASA 5506-X and is the answer not in the manual?

Cisco ASA 5506-X Specifications

General IconGeneral
ModelASA 5506-X
Firewall Throughput750 Mbps
Maximum Firewall Connections50, 000
Maximum VPN Peers50
Integrated Ports8 x 1 GE
Stateful Inspection Throughput750 Mbps
Weight4.4 lb (2 kg)
Firewall Throughput (Multiprotocol)750 Mbps
Firewall Throughput (Application Visibility and Control AVC)250 Mbps
Concurrent Sessions50, 000
New Connections per Second10, 000
IPsec VPN Throughput100 Mbps
Interfaces8 x 1 GE
Memory4 GB
Flash Memory8 GB
Form FactorDesktop
VPN Throughput100 Mbps
Maximum Concurrent Sessions50, 000
New Sessions per Second10, 000
Operating Temperature32 to 104°F (0 to 40°C)
Storage Temperature-13 to 158°F (-25 to 70°C)
Power SupplyExternal
Humidity10% to 90% non-condensing

Related product manuals