
URL Filtering WITHOUT Websense?

brider
Level 1

Hi folks. I am new to Cisco products and there are a few things I am trying to configure. I am running a 2821 Router with IOS v 12.4(10a). I am trying to configure the URL filtering portion of the firewall ACL. I have configured to deny one site, then I enable the filter and it shuts down all internet sites. When I disable the URL filtering, everything works fine again. This looks pretty cut and dry but apparently it is not. I was also reading that I needed a Websense server to use this feature? Is that correct? Thanks.

23 Replies

How can we do it on an ASA5520? As far as I have come to know, we need a Websense server for it. Any comments?

Yes, you can block particular web sites either by using a URL filtering server such as Websense or SmartFilter, both supported on the ASA platform, or you can block statically using an ACL. For example, to block hotmail.com:

access-list acl-in remark Block hotmail.com
access-list acl-in extended deny tcp any 64.4.0.0 255.255.192.0 eq www log
access-list acl-in extended permit ip any any

I am not sure about the subnet mask; in CIDR format it will be 64.4.0.0/18.

This ACL blocks the whole of hotmail.com on the ASA.

Regards

Hi,

Will this work on an 1811 router with zone based firewall currently in operation?

Where do you apply these commands? In global config mode? Within the access list? Any help is appreciated.

Kamran.Cisco,

Could you please post a running config where this is configured on an ASA and is working. I am new to the ASA line and need a little guidance. Thank you for your help.

Jason

access-list inside_access_out remark Block Hotmail.com
access-list inside_access_out extended deny tcp any 64.4.0.0 255.255.192.0 eq www log
access-list inside_access_out extended permit ip any any
access-group inside_access_out in interface inside

Typically, the Ethernet0/X port on your ASA that is on your PRIVATE network is called inside, or private, etc. Whatever you called it with the nameif syntax. You create an access list, apply it using the access-group command to your inside/private interface.

Make sure you have a 'permit ip any any' at the end, otherwise the explicit deny will block all other traffic not specifically permitted.
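
An added example, not part of the original posts: a small Python evaluator for the ACL quoted above, showing first-match evaluation, the implicit deny at the end of the list, and that the rule matches on destination IP and port rather than on a hostname. The sample flows and the PORTS table are constructed for illustration, and the parser handles only the syntax used in this thread.

```python
import ipaddress

# ACL as posted above (ASA syntax: the mask is a netmask, not a wildcard).
ACL = """\
access-list inside_access_out remark Block Hotmail.com
access-list inside_access_out extended deny tcp any 64.4.0.0 255.255.192.0 eq www log
access-list inside_access_out extended permit ip any any
"""
PORTS = {"www": 80}  # only the port name this ACL uses

def parse(acl_text):
    """Parse the subset of extended-ACL syntax used in this thread."""
    rules = []
    for line in acl_text.splitlines():
        tok = line.split()
        if len(tok) < 7 or tok[2] != "extended":
            continue  # remark lines document the ACL; they match nothing
        action, proto, rest = tok[3], tok[4], tok[5:]
        if rest[0] != "any":
            raise ValueError("this sketch only handles an 'any' source")
        rest = rest[1:]
        if rest[0] == "any":
            dst, rest = ipaddress.ip_network("0.0.0.0/0"), rest[1:]
        else:
            dst, rest = ipaddress.ip_network(f"{rest[0]}/{rest[1]}"), rest[2:]
        port = None
        if rest[:1] == ["eq"]:
            port = PORTS.get(rest[1]) or int(rest[1])
        rules.append((action, proto, dst, port))
    return rules

def evaluate(rules, proto, dst_ip, dst_port):
    """First matching entry wins; no match falls through to the implicit deny."""
    ip = ipaddress.ip_address(dst_ip)
    for action, r_proto, net, port in rules:
        if r_proto in ("ip", proto) and ip in net and port in (None, dst_port):
            return action
    return "deny (implicit)"

if __name__ == "__main__":
    rules = parse(ACL)
    # Constructed flows: (protocol, destination IP, destination port)
    flows = [("tcp", "64.4.20.1", 80), ("tcp", "64.4.20.1", 443),
             ("tcp", "64.4.64.1", 80), ("tcp", "192.0.2.10", 80)]
    for f in flows:
        print(f, "->", evaluate(rules, *f))
    # Same flow with the final 'permit ip any any' removed:
    print("no final permit ->", evaluate(rules[:1], "tcp", "192.0.2.10", 80))
```
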

Got it. So basically this is just blocking the IP. Not actually blocking on the URL name. The remark line is just so you know what the next line of the ACL is blocking. Is there any way to do a re-direct based on a requested IP?

Jason

For the 2800 series integrated services routers, is there any way to add a custom error message in the form of an html?

megahertz56
Level 1

Hi, is it possible to do URL filtering within an ISR 4461 router with the latest version? Do we need any server to do URL filtering?
