23-2
Cisco ASA 5500 Series Configuration Guide using ASDM
Chapter 23 Adding a WebtypeACL
Default Settings
IPv6 Guidelines
Supports IPv6.
Additional Guidelines and Limitations
The following guidelines and limitations apply to Webtype ACLs:
• Smart tunnel ACEs filter on a per-server basis only, so you cannot create smart tunnel ACEs to
permit or deny access to directories or to permit or deny access to specific smart tunnel-enabled
applications.
• If you add descriptive remarks about your ACL with non-English characters on one platform (such
as Windows) then try to remove them from another platform (such as Linux), you might not be able
to edit or delete them because the original characters might not be correctly recognized. This
limitation is due to an underlying platform dependency that encodes different language characters
in different ways.
Default Settings
Table 23-1 lists the default settings for Webtype access lists parameters.
Using Webtype ACLs
This section includes the following topics:
•
•
Adding a Webtype ACL and ACE, page 23-3
• Editing Webtype ACLs and ACEs, page 23-4
• Deleting Webtype ACLs and ACEs, page 23-5
Task Flow for Configuring Webtype ACLs
Use the following guidelines to create and implement an ACL:
• Create an ACL by adding an ACE and applying an ACL name. See the “Using Webtype ACLs”
section on page 23-2.
• Apply the ACL to an interface. See the “Configuring Access Rules” section on page 37-7 for more
information.
Table 23-1 Default Webtype Access List Parameters
Parameters Default
deny The ASA denies all packets on the originating
interface unless you specifically permit access.
log Access list logging generates system log message
106023 for denied packets. Deny packets must be
present to log denied packets.