Re: Newbie needs help with his ASA 5510

quinfilipowicz · ‎06-24-2008

Hi,

I'm not a networking person at all and don't know where to look. We have an ASA 5510 and I want to see who is streaming video and surfing unmentionable sites. Once I find out who and where they are going, I eventually want to block those sites. We are a small 60 employee company and that T1 is DOG slow at times. Can the ASA 5510 help me with want I want to do? If not, are there any cheap solutions?

Thanks,

Quin

JORGE RODRIGUEZ · ‎06-24-2008

You can capture realtime ASDM logs into a syslog server but you will have to go through links where users visit, obiously this could be a long tedious task , you may consider looking into a more inteligent devices to do it for you such as the CSC-SSM add-on module.

http://www.cisco.com/en/US/products/ps6823/index.html

Rgds

-Jorge

Jorge Rodriguez

dhananjoy chowdhury · ‎06-25-2008

Yes, you will have to go through the logs and find the IP address/ domain names/url's/ ports where the users are connecting to..

Then you can -

- block the IP's/ports using access-lists

- block the domains/urls with specific expression like "xyz.com" or ".mp3" using regular expressions

quinfilipowicz · ‎06-25-2008

Isn't there a way to see the NAMES of the domains? I don't want to have to sort through IP addresses to see which ones are legit. If not, is there a software package out there that reads this information and converts the IP addresses into Domain Names?

Thanks,

Quin

jcadmin · ‎10-02-2008

You might want to consider adding a specific web access tracking product like Websense. It can filter and block sites by category and log access. It is compatible with ASA.

This will save you a lot of log file diving. There are enough inappropriate sites out there that when you block them manually you might never finish.