CCIE Help: May 2021

URL Blocking on Cisco ASA

Topology

User access will be blocked while access the urls matching on configured regular expression

ASA Configuration

object-group user TEST-USER

user LOCAL\test

user LOCAL\test1

object-group service USER-SERVICE tcp

port-object eq www

port-object eq https

access-list USER-TRAFFIC extended permit tcp object-group-user TEST-USER any any object-group USER-SERVICE

regex cisco.com "cisco\.com"

class-map type inspect http match-any CMAP-MATCH-URL

match request header host regex cisco.com

class-map CMAP-MATCH-HTTP

match access-list USER-TRAFFIC

policy-map type inspect http PMAP-MATCH-URL

parameters

class CMAP-MATCH-URL

drop-connection log

policy-map PMAP-BLOCK-URL

class CMAP-MATCH-HTTP

inspect http PMAP-MATCH-URL

service-policy PMAP-BLOCK-URL interface outside

IP host entry is configured on user machine with IP of router CSR3

CSR2

ip host cisco.com 192.168.12.2

ip dhcp excluded-address 192.168.10.1 192.168.10.11

ip dhcp pool POOL1

network 192.168.10.0 255.255.255.0

default-router 192.168.10.1

dns-server 192.168.10.1

interface GigabitEthernet1

ip address 192.168.11.2 255.255.255.0

negotiation auto

interface GigabitEthernet2

ip address 192.168.10.1 255.255.255.0

negotiation auto

CSR3

interface GigabitEthernet1

ip address 192.168.12.2 255.255.255.0

negotiation auto

ip http server

ip http authentication local

User will try to access cisco.com on http from machine having host entry of csr3 ip(192.168.12.2)

CCIE Help

Pages

Thursday, May 6, 2021

URL Blocking Cisco ASA

Cut-through proxy on ASA