Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

ASA 5510 integrate websense

Hi,

Please somebody can help me how to integrate ASA5510 with websense ...

Regards,

7 REPLIES
Anonymous
N/A

Re: ASA 5510 integrate websense

Anonymous
N/A

Re: ASA 5510 integrate websense

Anonymous
N/A

Re: ASA 5510 integrate websense

New Member

Re: ASA 5510 integrate websense

I assuming you will deploy websense in your inside network ,do not put it in the DMZ.Followed is code for URL filterting:

1. ASA

url-server (Inside) vendor websense host 192.168.3.4 timeout 30 protocol TCP version 4 connections 5

url-cache src_dst 128

url-block block 128

filter https 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow

filter ftp 21 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow #optional,if you want to filter ftp#

filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow proxy-block

policy-map global_policy

class inspection_default

inspect http #http inspect enabled#

!

service-policy global_policy global

2. websense : see attched screen shot

select " Integrate" mode ,not "standalone"

select "Cisco ASA appliance"

ASA only filter URL ,if you want to filter protocol, you should configure websense filter agent accordingly.

if the post help, please rate ,thanks

New Member

Re: ASA 5510 integrate websense

Hello!

I am currently working on a ASA5520 with CSC SSM on it. Im trying to test URL blocking, but Im not sucessful. Is it absolutely necessary to have Websense or N2H2 to successfully filter or block URLs? I want to know if ASA CSC SSM can to the URL blocking by itself. Thank you!

Lorenz

New Member

Re: ASA 5510 integrate websense

You can use CSC SSM to do url filtering, not necessary to configure Websense and N2H2 on the ASA. The difference are.

1. I belive (guess:)) CSC SSM will send your URL check request to the server host on the Internet by Trend

2. WebSense and N2H2 solutions will have your ASA redirect URL request to server in your LAN,because signature database larger than 200M for websense v6.2.

if the post help,please rate.

Peng

Silver

Re: ASA 5510 integrate websense

Hello Lorenz,

It is not enough to enable the URL blocking and filtering through the CSC module interface. YOu have to configure the ASA to pass HTTP traffic through the CSC module otherwise traffic won't be filtered by the CSC even if you do the web configuration.

Below you can find a sample config to pass traffic to the CSC. The below will pass FTP, POP3, HTTP and SMTP. These are the only supported protocols by CSC.

access-list csc_inside_outbound permit tcp "Inside_subnet" any eq 21

access-list csc_inside_outbound permit tcp "Inside_subnet" any eq 80

access-list csc_inside_outbound permit tcp "Inside_subnet" any eq 110

access-list csc_inside_outbound permit tcp "Inside_subnet" any eq 25

class-map csc_inside_outbound_class

match access-list csc_inside_outbound

policy-map csc_inside_out_policy

class csc_inside_outbound_class

csc fail-open

service-policy csc_inside_out_policy interface inside

Appreicate your rating if I could help,

Regards,

2258
Views
4
Helpful
7
Replies
CreatePlease to create content