Community Member

How to block websites for particular users using ASDM 6.0?

Hello All,

I am very new to using ASDM. Actually, I am using an ASA 5510 version 8.0 and ASDM version 6.0.

I want to block certain websites for LAN users.

For example:

I have LAN IPs in the range 192.168.1.0/24.

I want to permit all websites for the 192.168.1.2 and 192.168.1.14 users

and block websites (such as social networking, IM websites, etc.) for all the rest of the users.

Can anyone tell me how to do that using ASDM 6.0 or the CLI?

Any help would be very helpful... Thanks


11 REPLIES
Cisco Employee

Re: How to block websites for particular users using ASDM 6.0?

The ASA does not natively have a feature to block particular websites. You might need to use regex via MPF to block websites on the ASA. Here is a sample configuration for your reference:

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml

To block websites natively, you can use the CSC module on the ASA, an IronPort web appliance, or the ScanSafe web filtering solution in the cloud.

Hope that helps.

Community Member

Re: How to block websites for particular users using ASDM 6.0?

Hello,

Thanks for the reply. I think this should help me block websites for all users.

But I want to block websites for some users and permit all websites for 2 users (192.168.1.2 and 1.14).

Then how do I do that?

Cisco Employee

Re: How to block websites for particular users using ASDM 6.0?

From the sample configuration, you can tweak the access-list "inside_mpc" as follows:

access-list inside_mpc extended deny tcp host 192.168.1.2 any eq 80
access-list inside_mpc extended deny tcp host 192.168.1.14 any eq 80
access-list inside_mpc extended permit tcp any any eq 80

The first 2 lines of the ACL will prevent 192.168.1.2 and 192.168.1.14 from being blocked towards the URL that you specify later with regex.

Hope that helps.

Community Member

Re: How to block websites for particular users using ASDM 6.0?

Thank you very much.

One last question. Can I create an object group 1 for which I want to permit all traffic and an object group 2 for which I want to block specific traffic?

Is it possible? If so, can you please tell me how to do that?

Cisco Employee

Re: How to block websites for particular users using ASDM 6.0?

Sure.

Here is an example:

object-group network allow-list
 network-object host 192.168.1.2
 network-object host 192.168.1.14
object-group network block-list
 network-object host 192.168.1.5
 network-object 192.168.1.32 255.255.255.248

access-list inside_mpc extended deny tcp object-group allow-list any eq 80
access-list inside_mpc extended permit tcp object-group block-list any eq 80

Hope that helps.

Community Member

Re: How to block websites for particular users using ASDM 6.0?

Thank you very much.

I will implement it and reply back to you.

Thanks again.

Community Member

Re: How to block websites for particular users using ASDM 6.0?

Hello,

Sorry to disturb you again, but can you tell me the meaning of this statement:

access-list inside_mpc extended deny tcp host 192.168.1.2 any eq www

Cisco Employee

Re: How to block websites for particular users using ASDM 6.0?

Based on the sample configuration posted earlier, the following ACL:

access-list inside_mpc extended deny tcp host 192.168.1.2 any eq www

means that the user with the IP address 192.168.1.2 will be exempted from being blocked, i.e., that user will not be inspected against the MPF rule configured for TCP/80 (HTTP) traffic.
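
Added example (not part of the original thread and not Cisco code): a small Python model of how the inside_mpc ACL from the object-group reply selects traffic for the MPF HTTP inspection, where a permit entry means "inspect this flow" and a deny entry means "exempt it". It assumes a class-map that matches inside_mpc as in the linked sample configuration; the names GROUPS, ACL and classify are hypothetical, and the sample flows are constructed.

```python
import ipaddress

# Object groups and ACL entries as posted in the thread (mask form kept as posted).
GROUPS = {
    "allow-list": ["192.168.1.2/32", "192.168.1.14/32"],
    "block-list": ["192.168.1.5/32", "192.168.1.32/255.255.255.248"],
}
ACL = [  # (action, source object-group, destination TCP port), in configured order
    ("deny", "allow-list", 80),
    ("permit", "block-list", 80),
]


def in_group(ip, group):
    """True if the source address falls inside any member of the object group."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(net) for net in GROUPS[group])


def classify(src_ip, dst_port):
    """Return (selected_for_inspection, reason) using first-match ACL semantics."""
    for action, group, port in ACL:
        if port == dst_port and in_group(src_ip, group):
            return action == "permit", f"{action} ACE for {group}"
    # No entry matched: the implicit deny at the end of every ACL applies,
    # so the class does not match and the HTTP inspection never sees the flow.
    return False, "implicit deny"


# Constructed sample flows: (source host, destination TCP port).
SAMPLES = [("192.168.1.2", 80), ("192.168.1.5", 80), ("192.168.1.33", 80),
           ("192.168.1.50", 80), ("192.168.1.5", 443)]

if __name__ == "__main__":
    for src, port in SAMPLES:
        inspected, reason = classify(src, port)
        print(f"{src:>13} -> tcp/{port:<3} inspected={inspected!s:<5} ({reason})")
```

The last two sample flows fall through to the implicit deny: a host that is in neither group, and any traffic that is not TCP/80 (HTTPS included), is never handed to the regex inspection, so the URL block does not apply to it.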

Community Member

Re: How to block websites for particular users using ASDM 6.0?

Dear halijenn,

Thanks for the help. It really works.

Thanks...

Cisco Employee

Re: How to block websites for particular users using ASDM 6.0?

Great, thanks for the update. Please kindly mark the question as answered. Thanks.

Community Member

Re: How to block websites for particular users using ASDM 6.0?

OK, thanks.
