ASA and URL-Filtering

Unanswered Question
Sep 17th, 2007

I have recently deployed two ASAs in Active/Standby failover mode. When a user goes to a site such as hotmail.com, the connection appears to be blocked, generating the syslog messages below.


Sep 17 13:12:19 gateway-fw-i %ASA-5-304002: Access denied URL SRC 10.X.X.X DEST 207.46.8.249 on interface inside

Sep 17 13:12:20 gateway-fw-i %ASA-6-302014: Teardown TCP connection 1807606 for outside:207.46.8.249/80 to inside:10.X.X.X/1847 duration 0:00:03 bytes 1393 Flow closed by inspection


However, hitting F5 seems to bypass the filter. Has anyone seen this issue before? The url server is Websense and the filtering config is listed below.


url-server (inside) vendor websense host 10.x.x.x timeout 30 protocol TCP version 4 connections 25

url-cache dst 128

filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow

filter url 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow

url-block block 128


The code is Cisco Adaptive Security Appliance Software Version 7.0(6)



tstanik Fri, 09/21/2007 - 14:04

This problem may appear because of the URL getting truncated. Add the following statement to your URL filtering statements:

filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow longurl-truncate
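To confirm from syslog whether a refresh really gets past the filter, the two messages quoted in the question can be correlated. The following is an added example, not part of the original thread: the function name `find_bypasses`, the 60-second window, the inside address 10.0.0.5, and the sample lines (including the "TCP FINs" teardown reason) are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Patterns follow the two messages quoted in the question (304002 and 302014).
DENY = re.compile(r"%ASA-5-304002: Access denied URL SRC (\S+) DEST (\S+) on interface")
TEARDOWN = re.compile(
    r"%ASA-6-302014: Teardown TCP connection \d+ for outside:([\d.]+)/\d+ "
    r"to inside:([\d.]+)/\d+ duration \S+ bytes (\d+) (.+)$")
STAMP = re.compile(r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) ")

def find_bypasses(lines, window=timedelta(seconds=60)):
    """Return (src, dst, bytes, reason) for connections that closed normally
    within `window` after a URL deny for the same inside/outside pair."""
    last_deny = {}  # (src, dst) -> time of the most recent 304002
    hits = []
    for line in lines:
        stamp = STAMP.match(line)
        if not stamp:
            continue
        # Syslog timestamps carry no year; pin one so parsing is unambiguous.
        ts = datetime.strptime("2000 " + stamp.group(1), "%Y %b %d %H:%M:%S")
        if (d := DENY.search(line)):
            last_deny[(d.group(1), d.group(2))] = ts
        elif (t := TEARDOWN.search(line)):
            dst, src, nbytes, reason = t.group(1), t.group(2), int(t.group(3)), t.group(4)
            denied_at = last_deny.get((src, dst))
            # "Flow closed by inspection" is the filter enforcing the deny.
            if denied_at is None or reason == "Flow closed by inspection":
                continue
            if timedelta(0) <= ts - denied_at <= window:
                hits.append((src, dst, nbytes, reason))
    return hits

# Constructed sample: a deny, its enforced teardown, then a retry that
# completes normally, plus an unrelated host that was never denied.
SAMPLE = [
    "Sep 17 13:12:19 gateway-fw-i %ASA-5-304002: Access denied URL SRC 10.0.0.5 DEST 207.46.8.249 on interface inside",
    "Sep 17 13:12:20 gateway-fw-i %ASA-6-302014: Teardown TCP connection 1807606 for outside:207.46.8.249/80 to inside:10.0.0.5/1847 duration 0:00:03 bytes 1393 Flow closed by inspection",
    "Sep 17 13:12:31 gateway-fw-i %ASA-6-302014: Teardown TCP connection 1807611 for outside:207.46.8.249/80 to inside:10.0.0.5/1849 duration 0:00:05 bytes 48210 TCP FINs",
    "Sep 17 13:12:40 gateway-fw-i %ASA-6-302014: Teardown TCP connection 1807620 for outside:207.46.8.249/80 to inside:10.0.0.9/2001 duration 0:00:02 bytes 9000 TCP FINs",
]

if __name__ == "__main__":
    for hit in find_bypasses(SAMPLE):
        print("possible filter bypass:", hit)
```

Running the same check before and after a filter change shows whether denied destinations are still being reached on retry.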

