PIX and Dynamic Caching Server

robert.leon
Level 1

Hello all,

I am fairly new to the PIX admin team but have what seems to be a strange problem. Our PIXs are set up to perform an explicit deny to all WWW traffic from our retail stores minus exceptions. We had a rule to allow our pharmacies to visit The Center for Disease Control (www.cdc.gov), but over the last few weeks the rule no longer works. If you perform a lookup on www.cdc.gov, it responds with a DCS address (*.mirror-image.net). How can I create a rule on the PIX using this information which will allow HTTP traffic to www.cdc.gov?

2 Replies

jackko
Level 7

Without third-party web filter software, such as Websense, PIX can only filter traffic by IP address.

I did an nslookup:

Name: prpx.service.mirror-image.net

Address: 128.242.107.120

Aliases: www.cdc.gov

I guess the ACL should look like:

access-list outbound permit tcp any host 128.242.107.120 eq 80

access-list outbound deny tcp any any eq 80

access-list outbound

There lies the problem...

While the lookup returns that IP, the DCS does not necessarily respond and forward the HTTP request. I figured as much that we'd have to use a content filtering solution such as Websense or Fortinet.

Thanks for the response, Jackko.
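
An added example, not part of the thread or any poster's code: a small audit that compares the host entries a PIX ACL permits on TCP/80 with the addresses a CDN-fronted name has resolved to over time, which is the mismatch the last reply describes. Only 128.242.107.120 and the host names come from the thread; the other addresses are constructed documentation-range placeholders, and the function names are hypothetical.

```python
import re

# Constructed input: the ACL from the thread plus nslookup-style answers captured at
# different times. The 192.0.2.x / 198.51.100.x addresses are placeholders.
ACL = """\
access-list outbound permit tcp any host 128.242.107.120 eq 80
access-list outbound deny tcp any any eq 80
"""
LOOKUPS = [
    "Name: prpx.service.mirror-image.net\nAddress: 128.242.107.120\nAliases: www.cdc.gov",
    "Name: prpx.service.mirror-image.net\nAddress: 192.0.2.10\nAliases: www.cdc.gov",
    "Name: prpx.service.mirror-image.net\nAddress: 198.51.100.7\nAliases: www.cdc.gov",
]

PERMIT = re.compile(r"^access-list\s+(\S+)\s+permit\s+tcp\s+any\s+host\s+(\S+)\s+eq\s+(80|www)\s*$")

def permitted_hosts(acl_text, acl_name):
    """Return the set of host IPs that the named ACL permits on TCP/80."""
    hosts = set()
    for line in acl_text.splitlines():
        m = PERMIT.match(line.strip())
        if m and m.group(1) == acl_name:
            hosts.add(m.group(2))
    return hosts

def parse_lookup(text):
    """Parse one nslookup-style answer into (canonical_name, addresses, aliases)."""
    fields = {"Name": [], "Address": [], "Addresses": [], "Aliases": []}
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() in fields:
            fields[key.strip()] += [v.strip() for v in value.split(",") if v.strip()]
    name = fields["Name"][0] if fields["Name"] else None
    return name, set(fields["Address"] + fields["Addresses"]), set(fields["Aliases"])

def audit(acl_text, acl_name, site, lookups):
    """Compare every address seen for `site` with what the ACL permits."""
    allowed, seen, cdn_names = permitted_hosts(acl_text, acl_name), set(), set()
    for text in lookups:
        name, addrs, aliases = parse_lookup(text)
        if site == name or site in aliases:
            seen |= addrs
            if name != site:
                cdn_names.add(name)  # site is only an alias for a third-party name
    return {"uncovered": sorted(seen - allowed), "stale": sorted(allowed - seen),
            "aliased_to": sorted(cdn_names)}

if __name__ == "__main__":
    print(audit(ACL, "outbound", "www.cdc.gov", LOOKUPS))
```

A non-empty `uncovered` list, or any entry in `aliased_to`, means a host-based permit cannot be relied on for that site and the exception belongs in a URL or content filter instead.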