Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Any solutions for URL based routing

Hi,

I have an ASA 5505 that has 2 route (1 route connecting to MPLS VPN to HK branch office and 1 route connecting to Internet service provider). As you know, ISP in China blocking many web sites (such as facebook, youtube or etc.). So , I would like to route the traffic when the user in China office would like to browse facebook.com or youtube.com to HK ASA and egress to the internet by NAT. However, all other traffic remain to route to ISP in China, so that the Internet traffic in HK office will not be overload and the user in China can browse facebook.com or youtube.com.

I have researched a topic of regular expression with Modular Policy Framework (MPF). I expected that if the ASA can match the traffic, I can set next hop to HK office's ASA. However, this feature does not support https so that my expectation failed. Because the login page and sometime these web site using https for encryption. I hope URL based routing work on both http and https can work.

Do anyone have any solutions to resolve this situation? Please kindly provide it to me. I would appreiciate it if you could also provide configuration example with commands. I look forward to hearing from anyone soon. Thank you.

Regards,

Lapson Wong

Everyone's tags (3)
2 ACCEPTED SOLUTIONS

Accepted Solutions

Any solutions for URL based routing

I'd rather prefer a proxy solution with automatic proxy configuration (PAC), where specified URLs go to the proxy in HK, everything else bypass proxy.

Michael

Please rate all helpful posts

Michael Please rate all helpful posts
VIP Green

Re: Any solutions for URL based routing

What you are trying to do is policy-based routing which is not supported on the ASA.  MPF is used only for inspection and QoS type serverices.

If using a proxy is not an option, you would need to put in a router that would send the desired traffic over the WAN network.  another option, though I would not recommend it, is to find all the IPs of facebook, youtube, etc. and add static routes on the ASA pointing out the WAN interface.

-- Please remember to rate and select a correct answer
3 REPLIES

Any solutions for URL based routing

I'd rather prefer a proxy solution with automatic proxy configuration (PAC), where specified URLs go to the proxy in HK, everything else bypass proxy.

Michael

Please rate all helpful posts

Michael Please rate all helpful posts
VIP Green

Re: Any solutions for URL based routing

What you are trying to do is policy-based routing which is not supported on the ASA.  MPF is used only for inspection and QoS type serverices.

If using a proxy is not an option, you would need to put in a router that would send the desired traffic over the WAN network.  another option, though I would not recommend it, is to find all the IPs of facebook, youtube, etc. and add static routes on the ASA pointing out the WAN interface.

-- Please remember to rate and select a correct answer
New Member

Any solutions for URL based routing

Thank you for your reply. I throught ASA can do the policy based routing based on URL. Now, I understand that I misunderstand something. I hope ASA can do this in the future.

Ok, PAC is a good idear. I prefer to use proxy in this situation. Thx.

1016
Views
0
Helpful
3
Replies