Cisco Systems CL-28826-01 Security Camera User Manual


User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 6 Managing Policy Objects
Creating Access Control List Objects
applications from almost any computer that can reach HTTPS Internet sites. WebVPN uses Secure
Socket Layer Protocol and its successor, Transport Layer Security (SSL/TLS1) to provide a secure
connection between remote users and specific, supported internal resources that you configure at a
central site.
The following table presents examples of Web VPN ACLs.
Uses:
As a filter ACL in an ASA User Group policy object (under SSL VPN > Clientless).
Related Topics
Creating Access Control List Objects, page 6-49
Understanding Access Rule Address Requirements and How Rules Are Deployed, page 16-5
Creating Policy Objects, page 6-9
Step 1 Choose Manage > Policy Objects to open the Policy Object Manager (see Policy Object Manager,
page 6-4).
Step 2 From the Object Type selector, select Access Control Lists.
The Access Control List page appears.
Step 3 Click the Web tab.
Step 4 Right-click inside the work area and select New Object.
The Add WebType Access List dialog box appears (see Add or Edit Access List Dialog Boxes,
page 6-55).
Step 5 Enter a name for the object and optionally a description of the object.
Step 6 Right-click inside the access control entry table and choose Add.
The Add Web Access Control Entry dialog box appears.
Step 7 Create the access control entry:

Table 6-19 Examples of Web VPN ACLs

Action  Filter                                           Effect
Deny    url http://*.yahoo.com/                          Denies access to all of Yahoo!
Deny    url cifs://fileserver/share/directory            Denies access to all files in the specified location.
Deny    url https://www.company.com/directory/file.html  Denies access to the specified file.
Permit  url https://www.company.com/directory            Permits access to the specified location.
Deny    url http://*:8080/                               Denies HTTPS access to anywhere via port 8080.
Deny    url http://10.10.10.10                           Denies HTTP access to 10.10.10.10.
Permit  url any                                          Permits access to any URL. Usually used after an ACL that denies url access.
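
The ordering remark in Table 6-19 (a "Permit url any" entry is used after the deny entries) can be checked offline before deployment. The following is an added example, not Cisco code: first-match evaluation, an implicit deny when nothing matches, `*` as a host wildcard, location-and-below path matching, and a filter without a port matching any port are simplifying assumptions, and `ACL`, `REORDERED`, `split_filter`, `entry_matches` and `evaluate` are hypothetical names.

```python
import re
from urllib.parse import urlsplit

# Filters from Table 6-19; this ordering is constructed for the example.
ACL = [
    ("deny",   "http://*.yahoo.com/"),
    ("deny",   "https://www.company.com/directory/file.html"),
    ("permit", "https://www.company.com/directory"),
    ("deny",   "cifs://fileserver/share/directory"),
    ("deny",   "http://*:8080/"),
    ("deny",   "http://10.10.10.10"),
    ("permit", "any"),
]
# Same entries with the broad permit moved above the specific deny.
REORDERED = [ACL[0], ACL[2], ACL[1]] + ACL[3:]

def split_filter(pattern):
    """Split scheme://host[:port][/path]; the host may contain '*'."""
    m = re.fullmatch(r"([a-z]+)://([^/:]+)(?::(\d+))?(/.*)?", pattern)
    if m is None:
        raise ValueError(f"unsupported filter: {pattern!r}")
    scheme, host, port, path = m.groups()
    return scheme, host, port, path or "/"

def entry_matches(pattern, url):
    """Simplified matching model (assumption, not the ASA's algorithm)."""
    if pattern == "any":
        return True
    scheme, host, port, path = split_filter(pattern)
    u = urlsplit(url)
    # '*' in the host becomes '.*'; everything else is matched literally.
    host_re = ".*".join(re.escape(p) for p in host.split("*"))
    if u.scheme != scheme or not re.fullmatch(host_re, u.hostname or "", re.I):
        return False
    if port is not None and u.port != int(port):
        return False          # filter names a port, URL must use it explicitly
    base = path.rstrip("/")   # match the location itself or anything below it
    upath = u.path or "/"
    return upath == base or upath.startswith(base + "/")

def evaluate(acl, url):
    """First matching entry decides; no match is denied (assumed implicit deny)."""
    for action, pattern in acl:
        if entry_matches(pattern, url):
            return action
    return "deny"
```

Under this model `evaluate(REORDERED, "https://www.company.com/directory/file.html")` returns `permit`, because the broader permit now precedes the specific deny. An `http://` filter also leaves the same host reachable over `https://`, so each scheme that matters needs its own entry.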