Cisco Support Community

To block URL on different VLANs.

Hi,

Would like to know the possibility of blocking completely from a range of IP addresses in a VLAN.

Design is something like:

ASA-->Switch (L3)---->Internal users in different VLANs.

All the VLANs are on the L3 switch, something like vlan1 on 192.168.1.0/24, vlan2 on 192.168.2.0/24, vlan3 192.168.3.0/24 and so on.

None of the VLANs can talk to each other as they belong to different departments, but can go to the internet and can access all the internet.

Here I want to block most of the URLs on, say, vlan3 and allow a few. On the rest of the VLANs I don't want to restrict the URLs etc.

Is this possible if going with a CSC module?

Reg,

Sushil

4 REPLIES

Re: To block URL on different VLANs.

Of course you can,

as long as those VLANs have different IP addressing.

Then you can control who's to be included in such a policy and who's not based on the source IP address.

Also you can achieve it by using ACLs, class-map and policy map with HTTP inspection using MPF on Cisco ASA and block certain websites, and you can exclude one or more subnets (VLAN) or hosts based on the source IP.

For example, let's say you want to exclude vlan 2 from HTTP and URL filtering and include anything else to be passed to the CSC module:

access-list csc-acl deny tcp 192.168.2.0 255.255.255.0 any eq www
access-list csc-acl permit tcp any any eq www
class-map csc-class
 match access-list csc-acl
policy-map global_policy
 class csc-class
  csc fail-open

In this case every HTTP traffic will be passed and inspected by the CSC except vlan 2 traffic,

and you can make whatever permit or deny.

good luck

please, if helpful Rate
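
The first-match behaviour of the ACL in the reply above, as an added example that is not part of the original post: it parses the posted ACEs and reports which source subnets are handed to the CSC module. The `csc-vlan3` ACL name and the `.10` host addresses are constructed for illustration and show the inverse policy the question asks about (scan only vlan3).

```python
import ipaddress

# REPLY_ACL is the ACL from the reply above. VLAN3_ONLY_ACL is a constructed
# variant (hypothetical name csc-vlan3) matching the question's goal instead.
REPLY_ACL = """\
access-list csc-acl deny tcp 192.168.2.0 255.255.255.0 any eq www
access-list csc-acl permit tcp any any eq www
"""
VLAN3_ONLY_ACL = """\
access-list csc-vlan3 permit tcp 192.168.3.0 255.255.255.0 any eq www
"""
PORTS = {"www": 80}  # ASA port keyword used on this page

def parse_acl(text):
    """Parse ACEs of the form: access-list NAME ACTION tcp SRC any eq PORT."""
    aces = []
    for line in text.splitlines():
        tok = [t for t in line.split() if t != "extended"]
        if not tok:
            continue
        if len(tok) < 8 or tok[0] != "access-list" or tok[3] != "tcp":
            raise ValueError(f"unsupported ACE: {line!r}")
        action, rest = tok[2], tok[4:]
        if rest[0] == "any":
            src, rest = ipaddress.ip_network("0.0.0.0/0"), rest[1:]
        else:  # address followed by dotted netmask
            src, rest = ipaddress.ip_network(f"{rest[0]}/{rest[1]}"), rest[2:]
        if len(rest) != 3 or rest[:2] != ["any", "eq"]:
            raise ValueError(f"unsupported ACE: {line!r}")
        port = PORTS[rest[2]] if rest[2] in PORTS else int(rest[2])
        aces.append((action, src, port))
    return aces

def sent_to_csc(aces, src_ip, dst_port):
    """First matching ACE wins. A deny ACE, or no match at all, means the flow
    is not in the class: it bypasses the CSC module, it is not dropped."""
    ip = ipaddress.ip_address(src_ip)
    for action, src, port in aces:
        if ip in src and dst_port == port:
            return action == "permit"
    return False

if __name__ == "__main__":
    for name, acl in (("reply", REPLY_ACL), ("vlan3-only", VLAN3_ONLY_ACL)):
        aces = parse_acl(acl)
        for host in ("192.168.1.10", "192.168.2.10", "192.168.3.10"):
            print(name, host, "-> CSC" if sent_to_csc(aces, host, 80) else "-> bypass")
```

Both ACLs match only `eq www` (TCP 80), so traffic on any other port is never handed to the module by this class.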

Re: To block URL on different VLANs.

Yes - see the below URL for the configuration, just replace the source "any" in the "inside_mpc" access-list with the IP address of the VLAN you want to block.

http://www.cisco.com/en/US/customer/products/ps6120/products_configuration_example09186a0080940c5a.shtml

http://www.cisco.com/en/US/customer/products/ps6120/products_configuration_example09186a0080940e04.shtml

HTH

Re: To block URL on different VLANs.

Thanks for your info gentlemen.

Presently using 5510 sec bun.

What all do I need to add in terms of licenses/module? Is it CSC module and license, or is it one and the same thing? How mature is this CSC module in ASA?

Re: To block URL on different VLANs.

I cannot comment on the CSC - as I have not used it, however the below link might help you:-

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps6032/ps6094/ps6120/ps6823/product_data_sheet0900aecd80402e4f_ps6120_Products_Data_Sheet.html

HTH
