×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Forwarding Traffic based on Domain name(Google).

Unanswered Question
Jan 4th, 2014
User Badges:

Hello ,


Please let me know if this is possible.


I have a asa5520 firewall with 8.2 version.I have two ISP's coming into my firewall for Internet. Currently I am forwarding all my traffic to one of the ISP. I would like to forward only traffic to Google to the second ISP. The reason I am trying to do this is Google reports my primary IP. The message users get is "

When Google detects that a computer or phone on your network may be sending automated traffic to Google we may show the following message: "Our systems have detected unusual traffic from your computer network." after this message users will have to enter a captcha code.

"

This is an intermittent issue. I would like to test it by forwarding only google traffic to my second ISP. I cannot forward all the traffic to my secondary IPS the reason is I am having site to site tunnels going on my default primary route and If I do it all my tunnels would go down.


Any help regarding this issue or workaround would be appreciated.


OR if I can actually find an IP/user on my inside network which is generating hight traffic to google which is resulting in entering the captcha code and sometimes opening multiple tabs. or if I can ratelimit to allow fixed number of connections to google.


Thanks.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Julio Carvajal Sat, 01/04/2014 - 23:20
User Badges:
  • Purple, 4500 points or more

Hello,


First of all the ASA does not support PBR so thats our first wall.


There are some tweaks that we could do with NAT but that would be based on the destination IP address. In this case you will be trying to do the NAT based on the FQDN which does not work.


You will need to determine all of the IP address of google (I know..I know ) and then configure the NAT policies to tweak the Firewall behavior.


How does this sound to you?


Looking for some Networking Assistance? 
Contact me directly at [email protected]

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Actions

This Discussion