Cisco Support Community

New Member

Allow few site and block all other web sites

Hi, I need a sample configuration using the regex command to allow a few web sites and block to the 192.168.2.0 network, and allow full access to the 192.168.10.0 network. I have configured two inside networks.

 

1 REPLY
VIP Green

You could try something like the following to allow traffic to specific websites and then deny all other web/https traffic. Keep in mind that in the configuration I am assuming you have two separate interfaces for the two networks connected to the ASA (that could be two subinterfaces or two separate physical interfaces).

! Select web traffic sourced from the 192.168.2.0/24 network
access-list LAN1 permit tcp 192.168.2.0 255.255.255.0 any eq http
access-list LAN1 permit tcp 192.168.2.0 255.255.255.0 any eq https

! Host header patterns for the allowed sites
regex domainlist1 "\.yahoo\.com"
regex domainlist2 "\.myspace\.com"
regex domainlist3 "\.youtube\.com"

class-map LAN
  match access-list LAN1

class-map type regex match-any DomainList
  match regex domainlist1
  match regex domainlist2
  match regex domainlist3

! Matches requests whose Host header is NOT one of the allowed sites
class-map type inspect http match-all DomainClass
  match not request header host regex class DomainList

! Drop and log every request that is not to an allowed site
policy-map type inspect http http_inspect_policy
  class DomainClass
    drop-connection log

! Apply the HTTP inspection to the traffic selected by class-map LAN
policy-map inside1-policy
  class LAN
    inspect http http_inspect_policy

service-policy inside1-policy interface inside1

--

Please remember to select a correct answer and rate helpful posts
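
An offline check of the allow-list patterns from the reply above, added here as an example and not part of the original post: it compares an unanchored search for each pattern (assumed to be how the firewall applies a regex to the Host header) with a strict domain-suffix rule and reports the Host values where the two disagree. The function names and sample hosts are constructed for illustration.

```python
import re

# The three patterns from the reply's "regex domainlistN" lines.
ALLOW_PATTERNS = [r"\.yahoo\.com", r"\.myspace\.com", r"\.youtube\.com"]
# The domains those patterns are meant to allow.
ALLOW_DOMAINS = ["yahoo.com", "myspace.com", "youtube.com"]


def normalize(host):
    """Lower-case a Host header value and strip any port and trailing dot."""
    host = host.strip().lower()
    if host.startswith("["):  # IPv6 literal, never an allowed domain
        return host
    if ":" in host:
        host = host.rsplit(":", 1)[0]
    return host.rstrip(".")


def pattern_allows(host):
    """Assumed firewall behaviour: unanchored match anywhere in the value."""
    return any(re.search(p, host) for p in ALLOW_PATTERNS)


def intended_allows(host):
    """Intended policy: the domain itself or a true subdomain of it."""
    h = normalize(host)
    return any(h == d or h.endswith("." + d) for d in ALLOW_DOMAINS)


def audit(hosts):
    """Return (host, pattern_result, intended_result) where the two disagree."""
    return [(h, pattern_allows(h), intended_allows(h))
            for h in hosts if pattern_allows(h) != intended_allows(h)]


# Constructed sample Host header values (not taken from real traffic).
SAMPLE_HOSTS = [
    "www.yahoo.com",
    "yahoo.com",                   # bare domain: no leading dot to match
    "mail.yahoo.com:80",
    "www.yahoo.com.other.example", # allowed name appears mid-host only
    "notyahoo.com",
    "example.org",
]

if __name__ == "__main__":
    for host, by_pattern, intended in audit(SAMPLE_HOSTS):
        print(f"{host:30} pattern={by_pattern!s:5} intended={intended}")
```

On the ASA itself, the `test regex` command can be used to try a single input string against a pattern before the policy is applied.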
