I am trying to make DNS filtering work, as URL filtering cannot permit HTTPS traffic.
The config is as per below. The thing is that it blocks every URL at the moment instead of just test - gmail.com, as per the regex.
It looks simple on paper, but I cannot make it work.
regex test "gmail\.com"
access-list http-user-vlan414-acl extended permit object-group http-inspect-ports 10.4.14.0 255.255.255.0 any
class-map type regex match-any DomainBlockList
 description blocked domains
 match regex test
!
 match access-list http-user-vlan414-acl
!
policy-map type inspect dns vlan414-policy
 parameters
  message-length maximum 512
 match domain-name regex class DomainBlockList
  drop-connection log
!
policy-map http-main-policy-vlan414
 class http-user-vlan414-class
  inspect dns vlan414-policy