Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Content Security Module for ASA - SSM-CSC

Hi,

Is it possible with that module to filter some of the users filtered (like restricting facebook.com) and others unfiltered? I mean if user based filtering is possible?

thx

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Content Security Module for ASA - SSM-CSC

In asa,you define what traffic should be sent to csc for scanning purpose.

In the acl where you define the traffic,add an entry denying the source ip addresses for which you do not want filtering to be done.

class-map CSC-C

match access-list CSC-TRAFFIC

policy-map global_policy

class CSC-C

csc fail-open

access-list CSC-TRAFFIC line 1 extended deny tcp host x.x.x.x any eq 80

access-list CSC-TRAFFIC line 2 extended permit tcp any any eq 80

access-list CSC-TRAFFIC line 3 extended permit tcp any any eq smtp

In the above example,web traffic from x.x.x.x will not be sent to csc...

HTH

Sushil

4 REPLIES

Re: Content Security Module for ASA - SSM-CSC

it is possible based on source IP address not user name

if helpful Rate

New Member

Re: Content Security Module for ASA - SSM-CSC

You will need some type of URL filtering software like WebSense to filter based on user.....

Cisco Employee

Re: Content Security Module for ASA - SSM-CSC

In asa,you define what traffic should be sent to csc for scanning purpose.

In the acl where you define the traffic,add an entry denying the source ip addresses for which you do not want filtering to be done.

class-map CSC-C

match access-list CSC-TRAFFIC

policy-map global_policy

class CSC-C

csc fail-open

access-list CSC-TRAFFIC line 1 extended deny tcp host x.x.x.x any eq 80

access-list CSC-TRAFFIC line 2 extended permit tcp any any eq 80

access-list CSC-TRAFFIC line 3 extended permit tcp any any eq smtp

In the above example,web traffic from x.x.x.x will not be sent to csc...

HTH

Sushil

Re: Content Security Module for ASA - SSM-CSC

i think u were asking about how to filter some websites based on users so i told u

that u can do it through source IP not username

however u seem u were looking how to send spisific traffic to CSC

then this link will give all these details in that regard

http://www.cisco.com/en/US/products/ps6120/products_configuration_example09186a00808dea62.shtml

good luck

if helpful Rate

248
Views
0
Helpful
4
Replies