To block URLs on different VLANs.


Hi,

Would like to know the possibility of blocking completely from a range of IP addresses in a VLAN.

Design is something.

ASA-->Switch (L3)---->Internal users in different VLANs.


All the VLANs are on the L3 switch, something like vlan1 on 192.168.1.0/24, vlan2 on 192.168.2.0/24, vlan3 on 192.168.3.0/24 and so on.

None of the VLANs can talk to each other as they belong to different departments, but they can go to the internet and can access all the internet.


Here I want to block most of the URLs on, say, vlan3 and allow a few. On the rest of the VLANs I don't want to restrict the URLs etc.

Is this possible if going with a CSC module?


Reg,

Sushil

Marwan ALshawi Sat, 08/30/2008 - 07:42

Of course you can,

as long as those VLANs have different IP addressing.

Then you can control who is to be included in such a policy and who is not, based on the source IP address.

Also, you can achieve it by using ACLs, class-map and policy-map with HTTP inspection using MPF on the Cisco ASA and block certain websites, and you can exclude one or more subnets (VLANs) or hosts based on the source IP.


For example, let's say you want to exclude VLAN 2 from HTTP and URL filtering and include anything else to be passed to the CSC module:


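! deny = VLAN 2 HTTP is not matched by the class, so it bypasses the CSC
access-list csc-acl deny tcp 192.168.2.0 255.255.255.0 any eq www
! permit = all other HTTP is matched and diverted to the CSC
access-list csc-acl permit tcp any any eq www

class-map csc-class
 match access-list csc-acl

policy-map global_policy
 class csc-class
  ! fail-open: traffic is still passed if the CSC module is unavailable
  csc fail-open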


In this case all HTTP traffic will be passed to and inspected by the CSC, except VLAN 2 traffic.


And you can make whatever permit or deny.


Good luck.


Please rate if helpful.
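
As an added example (not part of the original reply and not Cisco code), this Python check evaluates which flows the class-map ACL above would hand to the CSC module, using first-match semantics. The `VLAN3_ONLY_ACL` variant, the function names and any test addresses are constructed assumptions; the parser handles only the ACL line shapes shown in this thread.

```python
import ipaddress

# ACL from the answer above: exempt VLAN 2, send all other HTTP to the CSC.
ANSWER_ACL = """\
access-list csc-acl deny tcp 192.168.2.0 255.255.255.0 any eq www
access-list csc-acl permit tcp any any eq www
"""
# Constructed variant (assumption): only VLAN 3 from the question is filtered.
VLAN3_ONLY_ACL = """\
access-list csc-acl permit tcp 192.168.3.0 255.255.255.0 any eq www
"""
PORTS = {"www": 80, "https": 443}  # the only service keywords handled here

def take_addr(tok):
    """Consume one address spec (any | host A | NET MASK) from the token list."""
    first = tok.pop(0)
    if first == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if first == "host":
        return ipaddress.ip_network(tok.pop(0) + "/32")
    return ipaddress.ip_network(f"{first}/{tok.pop(0)}")

def parse_acl(text):
    """Parse 'access-list NAME [extended] ACTION tcp SRC DST eq PORT' lines."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        tok = tok[2:]                      # drop 'access-list' and the ACL name
        if tok[0] == "extended":
            tok.pop(0)
        action, proto = tok.pop(0), tok.pop(0)
        src, dst = take_addr(tok), take_addr(tok)
        if proto != "tcp" or len(tok) != 2 or tok[0] != "eq":
            raise ValueError(f"unsupported ACL line: {line}")
        port = PORTS.get(tok[1]) or int(tok[1])
        rules.append((action, src, dst, port))
    return rules

def sent_to_csc(rules, src_ip, dst_ip, dport):
    """First match wins; 'deny' and the implicit end-of-list deny mean the
    flow is not in the class, so it bypasses the CSC (it is not dropped)."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, s_net, d_net, port in rules:
        if src in s_net and dst in d_net and dport == port:
            return action == "permit"
    return False
```

With `VLAN3_ONLY_ACL`, only HTTP sourced from 192.168.3.0/24 reaches the CSC, which matches the requirement in the question; HTTPS on port 443 is not matched by either ACL.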
