Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Forwarding Traffic based on Domain name(Google).

Hello ,

Please let me know if this is possible.

I have a asa5520 firewall with 8.2 version.I have two ISP's coming into my firewall for Internet. Currently I am forwarding all my traffic to one of the ISP. I would like to forward only traffic to Google to the second ISP. The reason I am trying to do this is Google reports my primary IP. The message users get is "

When Google detects that a computer or phone on your network may be sending automated traffic to Google we may show the following message: "Our systems have detected unusual traffic from your computer network." after this message users will have to enter a captcha code.

"

This is an intermittent issue. I would like to test it by forwarding only google traffic to my second ISP. I cannot forward all the traffic to my secondary IPS the reason is I am having site to site tunnels going on my default primary route and If I do it all my tunnels would go down.

Any help regarding this issue or workaround would be appreciated.

OR if I can actually find an IP/user on my inside network which is generating hight traffic to google which is resulting in entering the captcha code and sometimes opening multiple tabs. or if I can ratelimit to allow fixed number of connections to google.

Thanks.

1 REPLY

Forwarding Traffic based on Domain name(Google).

Hello,

First of all the ASA does not support PBR so thats our first wall.

There are some tweaks that we could do with NAT but that would be based on the destination IP address. In this case you will be trying to do the NAT based on the FQDN which does not work.

You will need to determine all of the IP address of google (I know..I know ) and then configure the NAT policies to tweak the Firewall behavior.

How does this sound to you?

Looking for some Networking Assistance? 
Contact me directly at jcarvaja@laguiadelnetworking.com

I will fix your problem ASAP.

Cheers,

Julio Carvajal Segura
http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
209
Views
0
Helpful
1
Replies
CreatePlease to create content