The Cisco ASA firewall supports time-based access-lists. Put simply, each entry that you configure can be made valid only during a certain time or day.
Take a look at the image below:
Above we have an inside host (R1) and an HTTP server in the DMZ (R3). Let’s say that our users on the inside should not be able to access this web server during working hours. Here’s what the configuration would look like:
ASA1(config)# clock set 13:55:00 3 December 2014
First I’ll configure the clock; the next step is to create a time-range:
ASA1(config)# time-range WORK_HOURS
ASA1(config-time-range)# periodic weekdays 09:00 to 17:00
This time-range, called “WORK_HOURS”, matches on weekdays between 09:00 and 17:00. Now we can create an access-list:
Hi Rene,
I noticed on the Time Based Access-list that when I try to configure from 11:00pm to 2:00am, it says that it has the wrong time range. The way I specified it is periodic weekdays 23:00 to 02:00.
What am I doing wrong? Please advise.
Hi Alfredo,
If you try this then the ASA gives an error that the end time is before the start time. You should configure it like this:
time-range TEST
periodic weekdays 23:00 to 23:59
periodic weekdays 0:00 to 2:00
Hope that helps!
Rene
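The midnight split from the reply above, modelled as an added Python example (not code from the original page or from Cisco) that checks which moments a list of periodic entries covers. It assumes "weekdays" means Monday through Friday, that multiple entries are OR-ed, and that the end minute is inclusive; `parse_periodic`, `is_active` and `coverage` are hypothetical helper names, and the timestamps are constructed.

```python
import re
from datetime import datetime, time

WEEKDAYS = {0, 1, 2, 3, 4}  # Monday..Friday, as datetime.weekday() numbers them
PERIODIC = re.compile(r"periodic weekdays (\d{1,2}):(\d{2}) to (\d{1,2}):(\d{2})$")


def parse_periodic(line):
    """Parse one 'periodic weekdays HH:MM to HH:MM' entry into (start, end)."""
    m = PERIODIC.match(line.strip())
    if not m:
        raise ValueError(f"unsupported entry: {line!r}")
    h1, m1, h2, m2 = map(int, m.groups())
    start, end = time(h1, m1), time(h2, m2)
    if end < start:
        # Mirrors the rejection described in the thread: an entry cannot wrap midnight.
        raise ValueError("end time is before the start time")
    return start, end


def is_active(entries, when):
    """True if any entry matches `when`. Entries are OR-ed; end minute inclusive (assumed)."""
    if when.weekday() not in WEEKDAYS:
        return False
    now = when.time().replace(second=0, microsecond=0)
    return any(start <= now <= end for start, end in entries)


def coverage(entries, samples):
    """Map each labelled sample timestamp to whether the time-range is active."""
    return {label: is_active(entries, ts) for label, ts in samples.items()}


# The two-entry time-range from the reply above.
TEST = [parse_periodic("periodic weekdays 23:00 to 23:59"),
        parse_periodic("periodic weekdays 0:00 to 2:00")]

# Constructed sample timestamps (December 2014; the 1st was a Monday).
SAMPLES = {
    "Tue 23:30": datetime(2014, 12, 2, 23, 30),
    "Wed 01:00": datetime(2014, 12, 3, 1, 0),
    "Wed 02:30": datetime(2014, 12, 3, 2, 30),
    "Sat 01:00": datetime(2014, 12, 6, 1, 0),  # tail of Friday night
    "Mon 01:00": datetime(2014, 12, 1, 1, 0),  # tail of Sunday night
}

if __name__ == "__main__":
    for label, active in coverage(TEST, SAMPLES).items():
        print(f"{label}: {'active' if active else 'inactive'}")
```

Under these assumptions the early-morning entry applies on Monday 00:00 to 02:00 and not on Saturday 00:00 to 02:00, so compare the result with the schedule you actually intend before attaching the time-range to an access-list entry.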
Hi Rene,
How can you block websites by category? Like games using the ASA? Do I need a web filtering system?
Hi Alfredo,
On the previous ASA generation this will be difficult; you can filter URLs, but that’s pretty much it. The newer generation that supports firepower makes this a lot easier.
It lets you filter websites based on categories and such.
Rene
Hi Rene,
Can you provide some lessons on context based ACL on ASA 5512 firepower? How it works and a lab related to that?
Thank you
Shraddha