Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

Silver

Problem In Policy

Dear All

I am binding the policy in ASA 5500, everthing works fine except we are not able to download the mail attachment from MSN.

The ASA OS Version is 8.2(1).

regex domainlist2 ".*sandai.*"

regex domainlist4 ".*megaupload.*"

regex domainlist5 ".*sendspace.*"

regex domainlist6 ".*rapidshare.*"

access-list inside_mpc extended permit tcp any any eq www

access-list inside_mpc extended permit tcp any any eq 8080

class-map type regex match-any DomainBlockList

match regex domainlist2

match regex domainlist4

match regex domainlist5

match regex domainlist6

class-map type inspect http match-all BlockDomainsClass

match request header host regex class DomainBlockList

class-map httptraffic

match access-list inside_mpc

policy-map type inspect http http_inspection_policy

parameters

protocol-violation action drop-connection

match request method connect

drop-connection log

class BlockDomainsClass

reset log

policy-map inside-policy

class httptraffic

inspect http http_inspection_policy

service-policy inside-policy interface Internal

regards

shivlu jain

1 REPLY

Re: Problem In Policy

Try removing the non-standard HTTP check and see how it goes:

no protocol-violation action drop-connection

Or change the action from drop to logging only

Regards

Farrukh

154
Views
0
Helpful
1
Replies