Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

URL Filtering and Blocking in ASA


When i redirect the traffic to CSC SSM for URL filtering and blocking, the browsing of HTTP traffic is very slow...How can i make the browsing of HTTP site...

Everyone's tags (5)

URL Filtering and Blocking in ASA

Hi Bro

What websites are slow when your LAN users are accessing them? It’s common knowledge that some websites, such as banks, online shopping sites, or other special purpose servers that require extra backend processing before responding to a client request.

Not many people know this, bu the CSC SSM has a non-configurable, 90-second timeout between the client request and the server response to prevent transactions from tying up resources on the CSC SSM for too long. This means that transactions that take a longer time to process will fail.

The workaround is to exclude the site from scanning.

For example, for a site on the outside network with the IP address,


access-list 101 remark ### exempt http traffic inspection by CSC SSM to ###

access-list 101 deny tcp any host eq http

access-list 101 remark ### inspection all other traffic ###

access-list 101 permit tcp any eq http


class-map my_csc_class

match access-list 101


policy-map my_csc_policy

class my_csc_class

csc fail-open


service-policy my_csc_policy interface inside


Furthermore, you could also perform packet capture;

access-list cap_acl permit tcp any host

access-list cap_acl permit tcp host any

capture cap access-list cap_acl interface inside


capture csc_cap interface asa_dataplane OR cplane

P/S: If you think this comment is useful, please do rate them nicely :-)

Warm regards, Ramraj Sivagnanam Sivajanam Technical Specialist/Service Delivery Manager – Managed Service Department
CreatePlease login to create content