Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 23 Adding a Webtype ACL
Using Webtype ACLs
Adding a Webtype ACL and ACE
You must first create the webtype ACL and then add an ACE to the ACL.
Note: Smart tunnel ACEs filter on a per-server basis only, so you cannot create smart tunnel ACEs to permit or deny access to directories or to permit or deny access to specific smart tunnel-enabled applications.
To configure a webtype ACL, perform the following steps:
Step 1 Choose Configuration > Remote Access VPN > Clientless SSL VPN Access > Advanced > Web ACLs.
Step 2 Click Add, and choose one of the following ACL types to add:
• Add ACL
• Add IPv6 ACL
The Add ACL dialog box appears.
Step 3 Enter a name for the ACL (with no spaces), and click OK.
Step 4 To add an entry to the list that you just created, click Add, and choose Add ACE from the drop-down list.
Step 5 In the Action field, click the radio button next to the desired action:
• Permit—Permits access if the conditions are matched.
• Deny—Denies access if the conditions are matched.
Note: The end of every ACL has an implicit deny rule.
Step 6 In the filter field, you can either filter on a URL or filter on an address and service.
a. To filter on a URL, choose the URL prefix from the drop-down list, and enter the URL.
Wildcard characters can be used in the URL field:
– An asterisk * matches none or any number of characters.
– A question mark ? matches any one character exactly.
– Square brackets [] are range operators, matching any character in the range. For example, to match both http://www.cisco.com:80/ and http://www.cisco.com:81/, enter the following:
http://www.cisco.com:8[01]/
b. To filter on an address and service, click the Filter address and service radio button, and enter the
appropriate values.
Wildcard characters can be used with regular expressions in the address field:
– An asterisk * matches none or any number of characters.
– A question mark ? matches any one character exactly.
– Square brackets [] are range operators, matching any character in the range. For example, to permit a range of IP addresses from 10.2.2.20 through 10.2.2.31, enter the following:
10.2.2.[20-31]
You can also browse for the address and service by clicking the browse buttons at the end of the fields.
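
The following Python model is an added example, not part of the Cisco guide and not the ASA's own matching code: it applies the URL wildcard rules from Step 6a and the implicit deny from Step 5 so that draft ACEs can be checked against sample URLs before they are entered in ASDM. Whole-URL, case-sensitive matching and first-match ordering are assumptions, as are the function names and the constructed sample ACL; the address-field syntax of Step 6b is not modelled.

```python
import re

def webtype_to_regex(pattern):
    """Compile a webtype URL pattern (*, ?, []) into a whole-string regex."""
    out, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "*":                      # none or any number of characters
            out.append(".*")
        elif ch == "?":                    # exactly one character
            out.append(".")
        elif ch == "[":                    # one character from the set or range
            end = pattern.find("]", i + 1)
            if end in (-1, i + 1):
                raise ValueError("empty or unclosed [] in " + repr(pattern))
            body = pattern[i + 1:end].replace("\\", "\\\\").replace("^", "\\^")
            out.append("[" + body + "]")
            i = end
        else:
            out.append(re.escape(ch))      # every other character is literal
        i += 1
    return re.compile("".join(out))

def evaluate(acl, url):
    """Return (action, pattern) of the first matching ACE (assumed ordering).

    If no ACE matches, the implicit deny at the end of the ACL applies.
    """
    for action, pattern in acl:
        if webtype_to_regex(pattern).fullmatch(url):
            return action, pattern
    return "deny", "<implicit deny>"

# Constructed sample ACL: (action, URL pattern) pairs in display order.
SAMPLE_ACL = [
    ("permit", "http://www.cisco.com:8[01]/"),      # the page's own example
    ("permit", "http://host?.example.com/docs/*"),  # hypothetical entry
]

if __name__ == "__main__":
    for url in ("http://www.cisco.com:80/",
                "http://www.cisco.com:82/",
                "http://host1.example.com/docs/a.html",
                "http://host12.example.com/docs/a.html"):
        print(url, "->", evaluate(SAMPLE_ACL, url))
```

Under this model, a permit pattern that places * directly after the host name, such as http://www.cisco.com*, also matches http://www.cisco.com.example.net/, so close the host part with / before any trailing wildcard.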