Cisco Systems OL-16647-01 Network Router User Manual


38-3
Cisco ASDM User Guide
OL-16647-01
Chapter 38 Clientless SSL VPN
Security Precautions
Add ACL
This pane lets you create a new ACL.
Fields
ACL Name—Enter a name for the ACL. Maximum 55 characters.
Add/Edit ACE
An Access Control Entry permits or denies access to specific URLs and services. You can configure
multiple ACEs for an ACL. ACLs apply ACEs in priority order, acting on the first match.
Fields
Action—Permits or denies access to the specific networks, subnets, hosts, and web servers specified
in the Filter group box.
Filter—Specifies a URL or an IP address to which you want to apply the filter (permit or deny user
access).
URL—Applies the filter to the specified URL.
Protocols (unlabeled)—Specifies the protocol part of the URL address.
://x—Specifies the URL of the Web page to which to apply the filter.
TCP—Applies the filter to the specified IP address, subnet, and port.
IP Address—Specifies the IP address to which to apply the filter.
Netmask—Lists the standard subnet mask to apply to the address in the IP Address box.
Service—Identifies the service (such as https, kerberos, or any) to be matched. Displays a list
of services from which you can select the service to display in the Service box.
Boolean operator (unlabeled)—Lists the boolean conditions (equal, not equal, greater than, less
than, or range) to use in matching the service specified in the service box.
Rule Flow Diagram—Graphically depicts the traffic flow using this filter. This area might be hidden.
Options—Specifies the logging rules. The default is Default Syslog.
Logging—Choose Enable to enable a specific logging level.
Syslog Level—Grayed out until you select Enable for the Logging attribute. Lets you select the
type of syslog messages you want the security appliance to display.
Log Interval—Lets you select the number of seconds between log messages.
Time Range—Lets you select the name of a predefined time-range parameter set.
...—Click to browse the configured time ranges or to add a new one.
Firewall Mode Security Context
Routed Transparent Single
Multiple
Context System
——
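The first-match rule described under Add/Edit ACE, modelled as an added example (not Cisco code and not part of the original guide): it shows how a broad permit placed ahead of a narrower deny decides the request before the deny is reached, and how to check an ACE order against the intended policy. The `*` wildcard in URL filters, the "no-match" result, and all hostnames, addresses and names in the code are assumptions of this sketch.

```python
import ipaddress
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Optional, Tuple

OPS = {  # Boolean operators from the ACE pane, applied to the TCP port
    "any":   lambda port, p: True,
    "eq":    lambda port, p: port == p[0],
    "neq":   lambda port, p: port != p[0],
    "gt":    lambda port, p: port > p[0],
    "lt":    lambda port, p: port < p[0],
    "range": lambda port, p: p[0] <= port <= p[1],
}

@dataclass
class ACE:
    action: str                    # "permit" or "deny"
    url: Optional[str] = None      # URL filter ("*" wildcard is an assumption)
    network: Optional[str] = None  # TCP filter as "address/netmask"
    op: str = "any"
    ports: Tuple[int, ...] = ()

def matches(ace, url=None, ip=None, port=None):
    if ace.url is not None:
        return url is not None and fnmatchcase(url, ace.url)
    net = ipaddress.ip_network(ace.network, strict=False)
    return (ip is not None and ipaddress.ip_address(ip) in net
            and OPS[ace.op](port, ace.ports))

def evaluate(acl, **request):
    """Walk the ACEs in order; the first one that matches decides."""
    for index, ace in enumerate(acl):
        if matches(ace, **request):
            return ace.action, index
    return "no-match", None        # left to the caller; not stated on the page

def audit(acl, expectations):  # mismatches as (request, wanted, got, index)
    results = [(req, want, *evaluate(acl, **req)) for req, want in expectations]
    return [r for r in results if r[2] != r[1]]

MISORDERED = [  # constructed sample: broad permit at index 0 shadows the HR deny
    ACE("permit", url="https://intranet.example.com/*"),
    ACE("deny", url="https://intranet.example.com/hr/*"),
    ACE("permit", network="10.1.0.0/255.255.0.0", op="range", ports=(80, 443)),
]
CORRECTED = [MISORDERED[1], MISORDERED[0], MISORDERED[2]]
EXPECTED = [({"url": "https://intranet.example.com/hr/payroll"}, "deny"),
            ({"url": "https://intranet.example.com/wiki"}, "permit"),
            ({"ip": "10.1.4.7", "port": 443}, "permit")]
```

Running `audit(MISORDERED, EXPECTED)` reports the HR request as permitted by the ACE at index 0, while `audit(CORRECTED, EXPECTED)` returns an empty list.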