3-16
Cisco ASA Series Firewall CLI Configuration Guide
Chapter 3 Access Control Lists
Configure ACLs
For an explanation of keywords not explained here, see Add a Webtype ACE for URL Matching,
page 3-14. Keywords and arguments specific to this type of ACE include the following:
• tcp—The TCP protocol. Webtype ACLs match TCP traffic only.
• Destination Address—The dest_address_argument specifies the IP address to which the packet is being sent:
  - host ip_address—Specifies an IPv4 host address.
  - dest_ip_address mask—Specifies an IPv4 network address and subnet mask, such as 10.100.10.0 255.255.255.0.
  - ipv6-address/prefix-length—Specifies an IPv6 host or network address and prefix.
  - any, any4, and any6—any specifies both IPv4 and IPv6 traffic; any4 specifies IPv4 traffic only; and any6 specifies IPv6 traffic only.
• operator port—The destination port. If you do not specify ports, all ports are matched. The operator can be one of the following:
  - lt—less than
  - gt—greater than
  - eq—equal to
  - neq—not equal to
  - range—an inclusive range of values. When you use this operator, specify two port numbers, for example:
    range 100 200
  The port can be the integer or name of a TCP port.
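The following Python code is an added example, not part of the Cisco guide: it parses webtype tcp ACEs built from the keywords above and reports which ACE a given destination address and port would hit, which is useful when reviewing an ACL offline. The ACL name, the sample addresses, the short port-name table, and the top-down first-match evaluation order are assumptions of the example.

```python
import ipaddress

OPS = ("lt", "gt", "eq", "neq", "range")
PORT_NAMES = {"ssh": 22, "www": 80, "https": 443}  # subset of port names (example only)
ANY = {"any": ["0.0.0.0/0", "::/0"], "any4": ["0.0.0.0/0"], "any6": ["::/0"]}

def parse_ace(line):
    """Parse 'access-list NAME webtype {permit|deny} tcp DEST [OP PORT [PORT]]'."""
    t = line.split()
    if len(t) < 6 or t[0] != "access-list" or t[2] != "webtype" or t[4] != "tcp":
        raise ValueError("not a webtype tcp ACE: " + line)
    action, rest = t[3], t[5:]
    if rest[0] == "host":                    # host ip_address
        nets, rest = [rest[1]], rest[2:]
    elif rest[0] in ANY:                     # any / any4 / any6
        nets, rest = ANY[rest[0]], rest[1:]
    elif "/" in rest[0]:                     # ipv6-address/prefix-length
        nets, rest = [rest[0]], rest[1:]
    else:                                    # dest_ip_address mask
        nets, rest = [rest[0] + "/" + rest[1]], rest[2:]
    nets = [ipaddress.ip_network(n, strict=False) for n in nets]
    op = rest[0] if rest and rest[0] in OPS else None
    want = 0 if op is None else 2 if op == "range" else 1
    ports = [PORT_NAMES.get(p) or int(p) for p in rest[1:1 + want]]
    if len(ports) != want:
        raise ValueError("missing port after operator: " + line)
    return action, nets, op, ports

def ace_matches(ace, dest_ip, p):
    _, nets, op, ports = ace
    ip = ipaddress.ip_address(dest_ip)
    in_net = any(ip.version == n.version and ip in n for n in nets)
    if not in_net or op is None:             # no operator: all ports match
        return in_net
    lo, hi = ports[0], ports[-1]             # range is inclusive on both ends
    return {"lt": p < lo, "gt": p > lo, "eq": p == lo, "neq": p != lo,
            "range": lo <= p <= hi}[op]

def first_match(acl_lines, dest_ip, dest_port):
    for ace in map(parse_ace, acl_lines):    # assumes top-down, first match wins
        if ace_matches(ace, dest_ip, dest_port):
            return ace[0]
    return None

SAMPLE_ACL = [  # constructed sample; ACL name and addresses are illustrative
    "access-list acl_web webtype deny tcp host 10.100.10.25 eq 8080",
    "access-list acl_web webtype permit tcp 10.100.10.0 255.255.255.0 range 100 200",
    "access-list acl_web webtype permit tcp 2001:db8::/32 gt 1023",
    "access-list acl_web webtype deny tcp any4 neq https",
]
```

A result of None from first_match means no ACE in the list matched the destination; URL-type ACEs are rejected by parse_ace because they use different matching rules.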
Examples for Webtype ACLs
The following example shows how to deny access to a specific company URL:
hostname(config)# access-list acl_company webtype deny url http://*.example.com
The following example shows how to deny access to a specific web page:
hostname(config)# access-list acl_file webtype deny url https://www.example.com/dir/file.html
The following example shows how to deny HTTP access to any URL on a specific server through port
8080:
hostname(config)# access-list acl_company webtype deny url http://my-server:8080/*
The following examples show how to use wildcards in webtype ACLs.
The following example matches URLs such as http://www.example.com/layouts/1033:
access-list VPN-Group webtype permit url http://www.example.com/*
The following example matches URLs such as http://www.example.com/ and
http://www.example.net/:
access-list test webtype permit url http://www.example.*
