Cisco ASA 5500 Series Configuration Guide using the CLI
Chapter 18 Adding a Webtype Access List
Using Webtype Access Lists
Adding Webtype Access Lists with an IP Address
To add an access list to the configuration that supports filtering for clientless SSL VPN, enter the following command:
Command:
    access-list access_list_name webtype {deny | permit} tcp [host ip_address | ip_address subnet_mask | any] [oper port[port]] [log[[disable | default] | level] interval secs][time_range name]]

Example:
    hostname(config)# access-list acl_company webtype permit tcp any

Purpose:
Adds an access list to the configuration that supports filtering for WebVPN.

The access_list_name argument specifies the name or number of an access list.

The any keyword specifies all IP addresses.

The deny keyword denies access if the conditions are matched.

The host ip_address option specifies a host IP address.

The interval option specifies the time interval at which to generate system log message 106100; valid values are from 1 to 600 seconds.

The ip_address ip_mask option specifies a specific IP address and subnet mask.

The log [[disable | default] | level] option specifies that system log message 106100 is generated for the ACE. When the log optional keyword is specified, the default level for system log message 106100 is 6 (informational). See the log command for more information.

The permit keyword permits access if the conditions are matched.

The port option specifies the decimal number or name of a TCP or UDP port.

The time_range name option specifies a keyword for attaching the time-range option to this access list element.

To remove an access list, use the no form of this command with the complete syntax string as it appears in the configuration.
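
The following Python script is an added example, not part of the Cisco guide: it reviews webtype TCP ACEs copied from a configuration against the options described above (address form, port restriction, logging of message 106100, and the 1 to 600 second interval range). The sample lines are constructed, the function name audit_ace is hypothetical, and the port operator names (lt, gt, eq, neq, range) are an assumption, since the syntax above only says oper.

```python
import re

# Constructed sample lines for illustration (not taken from a real device).
SAMPLE = [
    "access-list acl_company webtype permit tcp any",
    "access-list acl_company webtype permit tcp host 192.0.2.10 eq 443 log 6 interval 300",
    "access-list acl_company webtype deny tcp 198.51.100.0 255.255.255.0 log interval 900",
]
ACE = re.compile(r"^access-list\s+\S+\s+webtype\s+(permit|deny)\s+tcp\b\s*(.*)$")
IPV4 = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")
OPERATORS = {"lt", "gt", "eq", "neq", "range"}  # assumption: the page only says "oper"

def audit_ace(line):
    """Return findings for one webtype TCP ACE, or None if the line is not one."""
    m = ACE.match(line.strip())
    if not m:
        return None
    action, tok = m.group(1), m.group(2).split()
    findings = []
    # Address part of the syntax: any | host ip_address | ip_address subnet_mask
    if tok[:1] == ["any"]:
        addr, tok = "any", tok[1:]
    elif tok[:1] == ["host"] and len(tok) >= 2:
        addr, tok = tok[1], tok[2:]
    elif len(tok) >= 2 and IPV4.match(tok[0]) and IPV4.match(tok[1]):
        addr, tok = " ".join(tok[:2]), tok[2:]
    else:
        addr = None
        findings.append("address missing or malformed")
    has_port = bool(tok) and tok[0] in OPERATORS
    if action == "permit" and addr == "any" and not has_port:
        findings.append("permit matches any address on every TCP port")
    # The log keyword enables message 106100; "log disable" turns it off again.
    if "log" not in tok or "disable" in tok:
        findings.append("message 106100 logging not enabled for this ACE")
    if "interval" in tok:
        secs = (tok[tok.index("interval") + 1:] or [""])[0]
        if not secs.isdigit() or not 1 <= int(secs) <= 600:
            findings.append("interval outside the valid 1-600 second range")
    return findings

if __name__ == "__main__":
    for line in SAMPLE:
        print(line, "->", audit_ace(line) or "ok")
```

The first sample line is the guide's own example command; the script reports it as a broad permit with no logging, which is the kind of entry worth reviewing before it is applied to a clientless SSL VPN policy.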