URL filtering

Unanswered Question
Jun 27th, 2007
User Badges:


I have PIX 515E implemented in my network,there 200 lan users are there ,out of them 10 users are SAP users,they used to access the SAPserver.com site very frequently,I want to allow them to access only the SAPservers.com,I do not want to allow them to access the other web sites other than SAPservers.Can I do it with PIX515E.Please help me how to do it.

Thanks and Regards,


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4.5 (2 ratings)
srue Thu, 06/28/2007 - 04:17
User Badges:
  • Blue, 1500 points or more

You can do true URL filtering using N2H2 or websense products. If you don't want to invest in a 3rd party product, you will have to look up the IP addresses of the hosts that you want to allow them access to and custom create ACL's. You could also use nbar with a policy-map/class-map if you have an IOS router somewhere in the path of data.

rochopra Thu, 06/28/2007 - 04:21
User Badges:
  • Cisco Employee,


This can be achieved if you do authentication of pass through http traffic through RADIUS (ACS)

aaa authentication include http inside RADIUS

After authentication from radius on per user basis you can download ACL (from radius dynamically) which can allow or deny a traffic for user.

Following link can give you more information on pass through authentication:


Following link can give you more information on downloading ACL's through Radius:


Hope this helps.




This Discussion