Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Cisco ASA 5505 URL Filtering/Blocking

Hi,

I have ASA 5505 running 7.2.4, I want to prevent users accessing some web sites such as facebook , youtube and hotmail etc.

Can you please advise if that is possible with ASA 5505?

Which ASA 5505 IOS version should I use to block web access?

I don't want to isntall a dedicated filtering server ( websense etc) , I just want to block web sites statically on ASA 5505 via ASDM as I only have few sites to block.

Can you please let me know if ASA 5505 can do URL filtering, and what IOS is required ?

Many thanks

Salman.

1 REPLY
VIP Purple

Cisco ASA 5505 URL Filtering/Blocking

Which ASA 5505 IOS version should I use to block web access?

not only for blocking but in general I would go for the newest 8.2 release. For everything newer you propably need a memory-upgrade.

How to block websites:

1) For HTTP you can write a L7-policy (HTTP-inspect-map) where you deny the domains or FQDNs you don't want.

2) For HTTPS it's not that easy as the ASA can't inspect that traffic. For that you could write a DNS-inspection and drop all queries for facebook etc. Of course that will not stop your users if they are smart enough ...

I would go the following way:

3) don't allow TCP/80 and TCP/443 through the ASA and send that traffic through a proxy. Then do the filtering there.


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
2502
Views
0
Helpful
1
Replies
CreatePlease login to create content