
URL Filtering on Cisco Router

Hello,

I have configured our Cisco router to filter URLs, that is, to allow only specific URLs and block other websites. I have got 2 questions in this context:

- How can I apply it only for some specific users? Meaning, for some users I want to give full access.

- I have noticed it's filtering HTTPS websites? How can I deny HTTPS websites?

This is my router config:

R2#sh running-config
Building configuration...

Current configuration : 2460 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
ip subnet-zero
no ip icmp rate-limit unreachable
ip cef
ip tcp synwait-time 5
!
!
ip inspect name cbac-filter http urlfilter
ip inspect name cbac-filter https
!
!
no ip domain lookup
ip urlfilter exclusive-domain permit .youtube.com
ip urlfilter exclusive-domain permit .facebook.com
ip urlfilter exclusive-domain permit .dailymotion.com
!
!
!
!
username admin privilege 15 secret 5 XXXXXXXXXXXXXXXXXXXXXXXXXX
!
!
!
!
!
interface FastEthernet0/0
 ip address 1.1.1.1 255.255.255.252
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.150.100 255.255.255.0
 ip inspect cbac-filter in
 ip nat inside
 ip virtual-reassembly
 duplex auto
 speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 1.1.1.2
no ip http server
no ip http secure-server
ip nat inside source list 100 interface FastEthernet0/0 overload
!
access-list 100 permit ip 192.168.150.0 0.0.0.255 any
!
!
control-plane
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
!
end

TIA and Best Regards

7 REPLIES

URL Filtering on Cisco Router

Hello,

When you say specific users, do you mean based on Active Directory users, for example? Or are you talking about IP addresses?

Now, related to HTTPS, you will need an external device that acts as an SSL gateway to make it happen, such as ScanSafe, IronPort, Websense, Trend Micro, etc.

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
New Member

URL Filtering on Cisco Router

Hello,

I mean IP addresses. It's a small office; I don't want to add a proxy server. Please help me to achieve this with the router.

Thanks

URL Filtering on Cisco Router

Hello,

Oh, wait a minute, did I just see a CBAC config? Then my advice is to migrate to ZBFW so you can accomplish this, bud.

As you can see, CBAC is way NOT flexible.

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
New Member

URL Filtering on Cisco Router

Please can you help with the config?

I have a Cisco 2921 router, IOS version:

Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.2(4)M3, RELEASE SOFTWARE (fc2)

Thanks

URL Filtering on Cisco Router

Hi,

With CBAC you cannot do specific filtering for certain users.

And for HTTPS you need an external HTTPS proxy, buddy.

Rate all of the helpful posts!!!

Regards,

Jcarvaja

Follow me on http://laguiadelnetworking.com

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
New Member

URL Filtering on Cisco Router

Please help me to achieve this through ZBFW.

Hall of Fame Super Gold

URL Filtering on Cisco Router

How I can apply it only for some specific users ? Meaning for some users I want to give the full access

I think you need to look into proxy servers. 
