Cisco Support Community
New Member

Prohibit traffic for particular users ASA5505

Hi Community.

I've read the following guide on how to use MPF and Regex.

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml

My question is: how should the ASA know which user is currently surfing the web? Does IE or Mozilla send the user credentials in the web stream? How can the ASA extract from the HTTP traffic which user is now surfing?

Is MPF and Regex really working to prohibit traffic for particular users?

I don't think so; the only solution in my opinion is to use a proxy server.

Thanks guys and kind regards

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Prohibit traffic for particular users ASA5505

Hello Patrick,

No, you will be filtering or denying traffic based on the source IP address.

So that's how the ASA will filter the traffic, based on the source IP address and the respective MPF configuration.

For more information about Core and Security Networking follow my website at http://laguiadelnetworking.

Any question contact me at jcarvaja@laguiadelnetworking.com

Cheers,

Julio Carvajal Segura

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
4 REPLIES
Bronze

Re: Prohibit traffic for particular users ASA5505

Is it a VPN user?

Sent from Cisco Technical Support iPhone App

New Member

Re: Prohibit traffic for particular users ASA5505

No, directly connected to the inside interface.

Sent from Cisco Technical Support iPhone App

New Member

Re: Prohibit traffic for particular users ASA5505

Hi Patrick,

I think you answered your question from the start. ASAs can do deep HTTP inspection by inspecting MIME types and looking for REGEX strings. However, like you pointed out, unless that string specifically has the user credentials or you can implement a REGEX to pull a consistent string, you're not going to be able to proxy your user traffic.

I have implemented HTTP Inspect Policy-Maps to restrict access to specific sites and I implemented the REGEX syntax to pull the URL strings. I have only implemented it on very rare occasions, in the event the client didn't have a proxy and a specific compromise was communicating to a site or entity that had multiple Layer 3 destinations.

Thanks.
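
A minimal ASA configuration sketch of what the replies describe, added here as an example and not taken from any of the posts: MPF selects traffic by source IP address, and an HTTP inspection policy map drops requests whose Host header matches a regex. The host address 192.168.1.50, the domain example.com and all object names are assumed placeholders.

```cisco
! Added example; every name, address and domain below is a placeholder.

! 1. Identify the "user" by the source IP address of the workstation.
!    The ASA sees a host here, not a login name.
access-list RESTRICTED_HOSTS extended permit tcp host 192.168.1.50 any eq www

! 2. Regex for the site to block, matched against the HTTP Host header.
regex BLOCKED_DOMAIN "\.example\.com"

class-map type regex match-any BLOCKED_DOMAINS
 match regex BLOCKED_DOMAIN

! 3. HTTP inspection class and policy: drop and log matching requests.
class-map type inspect http match-all BLOCKED_HTTP_REQUESTS
 match request header host regex class BLOCKED_DOMAINS

policy-map type inspect http BLOCK_HTTP_POLICY
 class BLOCKED_HTTP_REQUESTS
  drop-connection log

! 4. Layer 3/4 class-map: only traffic from the restricted host
!    is handed to the HTTP inspection policy above.
class-map RESTRICTED_USERS
 match access-list RESTRICTED_HOSTS

policy-map INSIDE_POLICY
 class RESTRICTED_USERS
  inspect http BLOCK_HTTP_POLICY

! 5. Apply on the interface the host is connected to.
service-policy INSIDE_POLICY interface inside
```

Because the match is on source address, the restriction follows the workstation and not the person: it only holds if that host keeps the same address (static assignment or a DHCP reservation), and the ACL above covers cleartext HTTP on port 80 only.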
