ASA and URL-Filtering

Sep 17th, 2007

I have recently deployed two ASAs in Active/Standby failover mode. When a user goes to a site such as hotmail.com, the connection appears to be blocked, generating the syslog messages below.

Sep 17 13:12:19 gateway-fw-i %ASA-5-304002: Access denied URL SRC 10.X.X.X DEST 207.46.8.249 on interface inside

Sep 17 13:12:20 gateway-fw-i %ASA-6-302014: Teardown TCP connection 1807606 for outside:207.46.8.249/80 to inside:10.X.X.X/1847 duration 0:00:03 bytes 1393 Flow closed by inspection

However, hitting F5 seems to bypass the filter. Has anyone seen this issue before? The URL server is Websense and the filtering config is listed below.

url-server (inside) vendor websense host 10.x.x.x timeout 30 protocol TCP version 4 connections 25

url-cache dst 128

filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow

filter url 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow

url-block block 128

The code is Cisco Adaptive Security Appliance Software Version 7.0(6)

tstanik Fri, 09/21/2007 - 14:04

This problem may appear because of the URL getting truncated. Add the following statement to your URL filtering statements:

filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow longurl-truncate
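
An added example, not part of the original thread: a Python check that correlates the two syslog message types quoted in the question, to find connections that completed normally shortly after a URL denial for the same source and destination. The sample lines are constructed (with a made-up inside address, 10.1.1.5); the function name, the 60-second window, the year, and the outside-host-first order of the teardown line are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample. Lines 1-2 follow the thread's messages with a made-up
# inside address (10.1.1.5); line 3 is a constructed teardown for the reload.
SAMPLE_LOG = """\
Sep 17 13:12:19 gateway-fw-i %ASA-5-304002: Access denied URL SRC 10.1.1.5 DEST 207.46.8.249 on interface inside
Sep 17 13:12:20 gateway-fw-i %ASA-6-302014: Teardown TCP connection 1807606 for outside:207.46.8.249/80 to inside:10.1.1.5/1847 duration 0:00:03 bytes 1393 Flow closed by inspection
Sep 17 13:12:31 gateway-fw-i %ASA-6-302014: Teardown TCP connection 1807611 for outside:207.46.8.249/80 to inside:10.1.1.5/1852 duration 0:00:05 bytes 48211 TCP FINs
"""

TS = r"(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ "
DENY = re.compile(TS + r"%ASA-5-304002: Access denied URL .*?SRC (?P<src>[\d.]+) DEST (?P<dst>[\d.]+)")
# Assumes the teardown names the outside (destination) host first, as in the thread.
TEARDOWN = re.compile(
    TS + r"%ASA-6-302014: Teardown TCP connection (?P<conn>\d+) for \S+?:(?P<dst>[\d.]+)/\d+"
    r" to \S+?:(?P<src>[\d.]+)/\d+ duration \S+ bytes (?P<bytes>\d+) (?P<reason>.+)")

def parse_ts(ts, year=2007):
    # Syslog timestamps carry no year; 2007 (the thread's date) is assumed.
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")

def find_filter_bypass(log_text, window=timedelta(seconds=60)):
    """Return teardowns that follow a URL denial for the same pair but were not closed by inspection."""
    denials = {}  # (src, dst) -> time of the most recent 304002 denial
    hits = []
    for line in log_text.splitlines():
        m = DENY.search(line)
        if m:
            denials[(m["src"], m["dst"])] = parse_ts(m["ts"])
            continue
        m = TEARDOWN.search(line)
        if not m or m["reason"].strip() == "Flow closed by inspection":
            continue  # not a teardown, or the filter closed the flow as intended
        denied_at = denials.get((m["src"], m["dst"]))
        if denied_at is None:
            continue
        gap = parse_ts(m["ts"]) - denied_at
        if timedelta(0) <= gap <= window:
            hits.append({"src": m["src"], "dst": m["dst"], "conn": m["conn"],
                         "bytes": int(m["bytes"]), "seconds_after_denial": int(gap.total_seconds())})
    return hits

if __name__ == "__main__":
    for hit in find_filter_bypass(SAMPLE_LOG):
        print(hit)
```

A hit is a lead for review, not proof: the same destination address can serve both blocked and permitted URLs.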
