Cisco ASA Time Based Access-List

The Cisco ASA firewall supports time based access-lists. Simply said, for each entry that you configure you can specify it to be valid only during a certain time or day.

Take a look at the image below:

Cisco ASA Time Based Access-List

Above we have an inside host (R1) and a HTTP server in the DMZ (R3). Let’s say that our users on the inside should not be able to access this web server during working hours. Here’s what the configuration would look like:

ASA1(config)# clock set 13:55:00 3 December 2014

First I’ll configure the clock, next step is to create a time-range:

ASA1(config)# time-range WORK_HOURS   
ASA1(config-time-range)# periodic weekdays 09:00 to 17:00

This time-range called “WORK_HOURS” matches on weekdays and between 09:00 to 17:00.  Now we can create an access-list:

We're Sorry, Full Content Access is for Members Only...

If you like to keep on reading, Become a Member Now! Here is why:

  • Learn any CCNA, CCNP and CCIE R&S Topic. Explained As Simple As Possible.
  • Try for Just $1. The Best Dollar You’ve Ever Spent on Your Cisco Career!
  • Full Access to our 791 Lessons. More Lessons Added Every Week!
  • Content created by Rene Molenaar (CCIE #41726)

1594 Sign Ups in the last 30 days

100% Satisfaction Guaranteed!
You may cancel your monthly membership at any time.
No Questions Asked!

Tags: ,

Forum Replies

  1. Hi Rene,

    I noticed on the Time Base Access-list that when I try to configure from 11:00pm to 2:00am it says that has the wrong time range. The way I specified is periodic weekdays 23:00 to 02:00.
    What am I doing wrong? Please advise

  2. Hi Alfredo,

    If you try this then the ASA gives an error that the end time is before the start time. You should configure it like this:

    time-range TEST
    periodic weekdays 23:00 to 23:59
    periodic weekdays 0:00 to 2:00

    Hope that helps!


  3. Hi ene,


    How can you block websites by category? Like games using the ASA? Do I need a web filtering system?

  4. Hi Alfredo,

    On the previous ASA generation this will be difficult, you can filter URLs but that’s pretty much it. The newer generation that supports firepower makes this a lot easier.

    It lets you filter websites based on categories and such.


  5. Hi, Rane
    Can you provide some lessons on context base ACL on ASA 5512 firepower? how it works and lab related to that?

    Thank you

1 more reply! Ask a question or join the discussion by visiting our Community Forum