Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

Troubles with Regex on ASA

I've been studying how inspect policy maps work on an ASA, and I come across the part where they talk about  blocking content using regex expressions.  I see that there are plenty  of examples published by Cisco (and many threads on various discussion boards) and I also see that there is a widly  published syntax for regular expressions.  All of this make sense to me  so far.  But, then I tried to configure this feature on my ASA, which has  proven to be much harder than it should be.

First, I  started on version 7.2(4).  I configured it exactly as they said and it didn't work, so I upgraded to 8.0(4) and the same thing occured.  Now, I'm running 8.2(2) and I'm bumping into the same problem.  Has anyone had such issues with this?  Let me show you what I'm doing:

ciscoasa(config)# sho run regex
regex testa "a\.com"
ciscoasa(config)# test regex a.com testa
INFO: Regular expression match failed.
ciscoasa(config)# test regex acom testa
INFO: Regular expression match failed.
ciscoasa(config)# test regex a\.com testa
INFO: Regular expression match failed.
ciscoasa(config)#

ciscoasa(config)# sho run regex
regex cisco_website "\.cisco\.com"
ciscoasa(config)# test regex www.cisco.com cisco_website
INFO: Regular expression match failed.
ciscoasa(config)# test regex .cisco.com cisco_website
INFO: Regular expression match failed.
ciscoasa(config)# test regex cisco.com cisco_website
INFO: Regular expression match failed.
ciscoasa(config)#

ciscoasa(config)# sho run regex
regex cisco_website ".*\.cisco\.com"
ciscoasa(config)# test regex www.cisco.com cisco_website
INFO: Regular expression match failed.
ciscoasa(config)# test regex .cisco.com cisco_website
INFO: Regular expression match failed.
ciscoasa(config)# test regex cisco.com cisco_website
INFO: Regular expression match failed.
ciscoasa(config)#


ciscoasa(config)# sho run regex
regex file1 ".*[fF][iI][lL][eE][1]\.[tT][xX][tT].*"
ciscoasa(config)# test regex file12.txt file1
INFO: Regular expression match succeeded.
ciscoasa(config)# test regex file1txt file1
INFO: Regular expression match succeeded.
ciscoasa(config)# test regex file2txt file1
INFO: Regular expression match failed.
ciscoasa(config)# test regex file21txt file1
INFO: Regular expression match failed.
ciscoasa(config)# test regex file12txt file1
INFO: Regular expression match succeeded.
ciscoasa(config)# test regex blahfile1.blah.txtblah file1
INFO: Regular expression match succeeded.
ciscoasa(config)#


ciscoasa(config)# regex r-facebook www\.facebook\.com
ciscoasa(config)# test regex www.facebook.com r-facebook
INFO: Regular expression match failed.
ciscoasa(config)# regex r-facebook facebook
ciscoasa(config)# test regex www.facebook.com r-facebook
INFO: Regular expression match failed.
ciscoasa(config)# regex r-facebook .*facebook.*
ciscoasa(config)# test regex www.facebook.com r-facebook
INFO: Regular expression match failed.
ciscoasa(config)#

So, I have the regex expressions configured exactly as they should, but when I use the "test regex" feature, stuff doesn't match when it should and it does match when it shouldn't.

Any help is appreciated.

Jeff

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Troubles with Regex on ASA

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml

regex testa "a\.com"
5505(config)# test regex http://a.com a\.com
INFO: Regular expression match succeeded.
5505(config)#

It works...

-KS

2 REPLIES
Cisco Employee

Re: Troubles with Regex on ASA

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a0080940e04.shtml

regex testa "a\.com"
5505(config)# test regex http://a.com a\.com
INFO: Regular expression match succeeded.
5505(config)#

It works...

-KS

Community Member

Re: Troubles with Regex on ASA

Ahh, I see what I've done.  I thought the "test regex" command referenced the regex that I had already configured, not the actual expression on the "test regex" line.  I expected it to work like testing a voice dial peer, but I'm set straight now.

Thanks for your help.

Jeff

3823
Views
0
Helpful
2
Replies
CreatePlease to create content