ASA Version 9.6(1)
!
hostname ciscoasa
domain-name google.com
enable password ******* encrypted
names
!
interface GigabitEthernet1/1
 nameif outside
 security-level 0
 dhcp client route distance 254
 ip address dhcp setroute
!
interface GigabitEthernet1/2
 nameif Gifcomp
 security-level 100
 ip address 192.168.1.1 255.255.255.0
!
interface GigabitEthernet1/3
 nameif backup
 security-level 0
 dhcp client route distance 254
 ip address dhcp setroute
!
interface GigabitEthernet1/4
 nameif Test
 security-level 100
 ip address 10.1.10.1 255.255.255.0
!
interface GigabitEthernet1/5
 nameif Lawyer
 security-level 100
 ip address 192.168.2.1 255.255.255.0
!
interface GigabitEthernet1/6
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/7
 shutdown
 no nameif
 no security-level
 no ip address
!
interface GigabitEthernet1/8
 shutdown
 no nameif
 no security-level
 no ip address
!
interface Management1/1
 management-only
 no nameif
 no security-level
 no ip address
!
regex urllist1 ".*\.([Ee][Xx][Ee]|[Cc][Oo][Mm]|[Bb][Aa][Tt]) HTTP/1.[01]"
regex urllist2 ".*\.([Pp][Ii][Ff]|[Vv][Bb][Ss]|[Ww][Ss][Hh]) HTTP/1.[01]"
regex urllist3 ".*\.([Dd][Oo][Cc]|[Xx][Ll][Ss]|[Pp][Pp][Tt]) HTTP/1.[01]"
regex urllist4 ".*\.([Zz][Ii][Pp]|[Tt][Aa][Rr]|[Tt][Gg][Zz]) HTTP/1.[01]"
regex domainlist1 "\.yahoo\.com"
regex domainlist2 "\.myspace\.com"
regex domainlist3 "\.youtube\.com"
ftp mode passive
dns domain-lookup outside
dns server-group DefaultDNS
 name-server 8.8.8.8
 domain-name google.com
same-security-traffic permit intra-interface
object network obj_any
 subnet 0.0.0.0 0.0.0.0
object network Youtube
 fqdn www.youtube.com
object network Test
 subnet 10.1.10.0 255.255.255.0
 description Test for Block
object network Lawyer
 subnet 192.168.2.0 255.255.255.0
 description Lawyer
object network Gifcomp
 subnet 192.168.1.0 255.255.255.0
 description GifComp
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
access-list outside_access_in extended permit icmp6 any any echo-reply
access-list Lawyer_access_in extended permit ip object Lawyer any
access-list Test_access_in extended deny tcp object Test any eq www
access-list Test_access_in extended deny tcp object Test any eq https
access-list Test_access_in extended permit object-group TCPUDP object Test object Youtube eq www
access-list Test_access_in extended permit tcp object Test object Youtube eq https
access-list Test_access_in extended permit ip object Test any
access-list Gifcomp_access_in extended permit ip object Gifcomp any
pager lines 24
logging list sla-list message 622001
logging trap sla-list
logging history sla-list
logging asdm informational
mtu outside 1500
mtu Gifcomp 1500
mtu backup 1500
mtu Test 1500
mtu Lawyer 1500
ip verify reverse-path interface outside
ip verify reverse-path interface Gifcomp
ip verify reverse-path interface backup
ip verify reverse-path interface Test
ip verify reverse-path interface Lawyer
icmp unreachable rate-limit 1 burst-size 1
no asdm history enable
arp timeout 14400
no arp permit-nonconnected
!
nat (Test,outside) after-auto source dynamic Test interface
nat (Lawyer,outside) after-auto source dynamic Lawyer interface
nat (Gifcomp,outside) after-auto source dynamic Gifcomp interface
nat (Gifcomp,backup) after-auto source dynamic Gifcomp interface
access-group outside_access_in in interface outside
access-group Gifcomp_access_in in interface Gifcomp
access-group Test_access_in in interface Test
access-group Lawyer_access_in in interface Lawyer
route outside 0.0.0.0 0.0.0.0 24.218.72.1 1 track 1
route backup 0.0.0.0 0.0.0.0 172.16.1.1 2
timeout xlate 3:00:00
timeout pat-xlate 0:00:30
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 sctp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
timeout floating-conn 0:00:00
user-identity default-domain LOCAL
aaa authentication ssh console LOCAL
http server enable
http 192.168.1.0 255.255.255.0 Gifcomp
no snmp-server location
no snmp-server contact
snmp-server enable traps syslog
sla monitor 10
 type echo protocol ipIcmpEcho 8.8.8.8 interface outside
 num-packets 2
 frequency 5
sla monitor schedule 10 life forever start-time now
service sw-reset-button
crypto ipsec security-association pmtu-aging infinite
crypto ca trustpool policy
!
track 1 rtr 10 reachability
telnet timeout 5
ssh stricthostkeycheck
ssh 192.168.1.0 255.255.255.0 Gifcomp
ssh timeout 5
ssh key-exchange group dh-group1-sha1
console timeout 0
dhcp-client broadcast-flag
dhcpd address 192.168.1.100-192.168.1.149 Gifcomp
dhcpd dns 8.8.8.8 8.8.4.4 interface Gifcomp
dhcpd enable Gifcomp
!
dhcpd address 10.1.10.50-10.1.10.250 Test
dhcpd dns 8.8.8.8 8.8.4.4 interface Test
dhcpd enable Test
!
dhcpd address 192.168.2.50-192.168.2.250 Lawyer
dhcpd dns 8.8.8.8 8.8.4.4 interface Lawyer
dhcpd enable Lawyer
!
dynamic-access-policy-record DfltAccessPolicy
username poscenter password BykLnCwCq3MqTeOd encrypted
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum client auto
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect ip-options
  inspect icmp
  inspect icmp error
 class class-default
  user-statistics accounting
!
service-policy global_policy global
prompt hostname context
no call-home reporting anonymous
hpm topN enable
Cryptochecksum:5bfcb3a245e3b8b20ca234fae6bfc58f
: end
------------------------------------------------------------------------------------------------------------------------------------
ciscoasa(config)# show access-list Test_access_in
access-list Test_access_in; 54 elements; name hash: 0xb594a33e
access-list Test_access_in line 1 extended deny tcp object Test any eq www (hitcnt=3720) 0x8e02d013
  access-list Test_access_in line 1 extended deny tcp 10.1.10.0 255.255.255.0 any eq www (hitcnt=3720) 0x8e02d013
access-list Test_access_in line 2 extended deny tcp object Test any eq https (hitcnt=25922) 0x172b5515
  access-list Test_access_in line 2 extended deny tcp 10.1.10.0 255.255.255.0 any eq https (hitcnt=25922) 0x172b5515
access-list Test_access_in line 3 extended permit object-group TCPUDP object Test object Youtube eq www (hitcnt=0) 0x79ba57b7
  access-list Test_access_in line 3 extended permit udp 10.1.10.0 255.255.255.0 fqdn www.youtube.com (resolved) eq www 0x1343b3b1
  access-list Test_access_in line 3 extended permit tcp 10.1.10.0 255.255.255.0 fqdn www.youtube.com (resolved) eq www 0x1f2dfc81
  access-list Test_access_in line 3 extended permit udp 10.1.10.0 255.255.255.0 host 172.217.10.142 (www.youtube.com) eq www (hitcnt=0) 0x6b3d9d23
  access-list Test_access_in line 3 extended permit tcp 10.1.10.0 255.255.255.0 host 172.217.10.142 (www.youtube.com) eq www (hitcnt=0) 0x8c0bfc7c
  access-list Test_access_in line 3 extended permit udp 10.1.10.0 255.255.255.0 host 172.217.3.110 (www.youtube.com) eq www (hitcnt=0) 0x6b3d9d23
  access-list Test_access_in line 3 extended permit tcp 10.1.10.0 255.255.255.0 host 172.217.3.110 (www.youtube.com) eq www (hitcnt=0) 0x8c0bfc7c
  access-list Test_access_in line 3 extended permit udp 10.1.10.0 255.255.255.0 host 172.217.6.206 (www.youtube.com) eq www (hitcnt=0) 0x6b3d9d23
  access-list Test_access_in line 3 extended permit tcp 10.1.10.0 255.255.255.0 host 172.217.6.206 (www.youtube.com) eq www (hitcnt=0) 0x8c0bfc7c
  access-list Test_access_in line 3 extended permit udp 10.1.10.0 255.255.255.0 host 172.217.6.238 (www.youtube.com) eq www (hitcnt=0) 0x6b3d9d23
  access-list Test_access_in line 3 extended permit tcp 10.1.10.0 255.255.255.0 host 172.217.6.238 (www.youtube.com) eq www (hitcnt=0) 0x8c0bfc7c
  access-list Test_access_in line 3 extended permit udp 10.1.10.0 255.255.255.0 host 172.217.7.14 (www.youtube.com) eq www (hitcnt=0) 0x6b3d9d23
  access-list Test_access_in line 3 extended permit tcp 10.1.10.0 255.255.255.0 host 172.217.7.14 (www.youtube.com) eq www (hitcnt=0) 0x8c0bfc7c
  access-list Test_access_in line 3 extended permit udp 10.1.10.0 255.255.255.0 host 172.217.10.238 (www.youtube.com) eq www (hitcnt=0) 0x6b3d9d23
  access-list Test_access_in line 3 extended permit tcp 10.1.10.0 255.255.255.0 host 172.217.10.238 (www.youtube.com) eq www (hitcnt=0) 0x8c0bfc7c
  access-list Test_access_in line 3 extended permit udp 10.1.10.0 255.255.255.0 host 172.217.11.46 (www.youtube.com) eq www (hitcnt=0) 0x6b3d9d23
  access-list Test_access_in line 3 extended permit tcp 10.1.10.0 255.255.255.0 host 172.217.11.46 (www.youtube.com) eq www (hitcnt=0) 0x8c0bfc7c
  access-list Test_access_in line 3 extended permit udp 10.1.10.0 255.255.255.0 host 172.217.12.174 (www.youtube.com) eq www (hitcnt=0) 0x6b3d9d23
  access-list Test_access_in line 3 extended permit tcp 10.1.10.0 255.255.255.0 host 172.217.12.174 (www.youtube.com) eq www (hitcnt=0) 0x8c0bfc7c
  access-list Test_access_in line 3 extended permit udp 10.1.10.0 255.255.255.0 host 172.217.12.206 (www.youtube.com) eq www (hitcnt=0) 0x6b3d9d23
  access-list Test_access_in line 3 extended permit tcp 10.1.10.0 255.255.255.0 host 172.217.12.206 (www.youtube.com) eq www (hitcnt=0) 0x8c0bfc7c
  access-list Test_access_in line 3 extended permit udp 10.1.10.0 255.255.255.0 host 216.58.219.206 (www.youtube.com) eq www (hitcnt=0) 0x6b3d9d23
  access-list Test_access_in line 3 extended permit tcp 10.1.10.0 255.255.255.0 host 216.58.219.206 (www.youtube.com) eq www (hitcnt=0) 0x8c0bfc7c
  access-list Test_access_in line 3 extended permit udp 10.1.10.0 255.255.255.0 host 172.217.9.238 (www.youtube.com) eq www (hitcnt=0) 0x6b3d9d23
  access-list Test_access_in line 3 extended permit tcp 10.1.10.0 255.255.255.0 host 172.217.9.238 (www.youtube.com) eq www (hitcnt=0) 0x8c0bfc7c
  access-list Test_access_in line 3 extended permit udp 10.1.10.0 255.255.255.0 host 172.217.10.14 (www.youtube.com) eq www (hitcnt=0) 0x6b3d9d23
  access-list Test_access_in line 3 extended permit tcp 10.1.10.0 255.255.255.0 host 172.217.10.14 (www.youtube.com) eq www (hitcnt=0) 0x8c0bfc7c
  access-list Test_access_in line 3 extended permit udp 10.1.10.0 255.255.255.0 host 172.217.10.46 (www.youtube.com) eq www (hitcnt=0) 0x6b3d9d23
  access-list Test_access_in line 3 extended permit tcp 10.1.10.0 255.255.255.0 host 172.217.10.46 (www.youtube.com) eq www (hitcnt=0) 0x8c0bfc7c
  access-list Test_access_in line 3 extended permit udp 10.1.10.0 255.255.255.0 host 172.217.10.78 (www.youtube.com) eq www (hitcnt=0) 0x6b3d9d23
  access-list Test_access_in line 3 extended permit tcp 10.1.10.0 255.255.255.0 host 172.217.10.78 (www.youtube.com) eq www (hitcnt=0) 0x8c0bfc7c
  access-list Test_access_in line 3 extended permit udp 10.1.10.0 255.255.255.0 host 172.217.12.142 (www.youtube.com) eq www (hitcnt=0) 0x6b3d9d23
  access-list Test_access_in line 3 extended permit tcp 10.1.10.0 255.255.255.0 host 172.217.12.142 (www.youtube.com) eq www (hitcnt=0) 0x8c0bfc7c
  access-list Test_access_in line 3 extended permit udp 10.1.10.0 255.255.255.0 host 172.217.11.14 (www.youtube.com) eq www (hitcnt=0) 0x6b3d9d23
  access-list Test_access_in line 3 extended permit tcp 10.1.10.0 255.255.255.0 host 172.217.11.14 (www.youtube.com) eq www (hitcnt=0) 0x8c0bfc7c
access-list Test_access_in line 4 extended permit tcp object Test object Youtube eq https (hitcnt=0) 0xf8803d01
  access-list Test_access_in line 4 extended permit tcp 10.1.10.0 255.255.255.0 fqdn www.youtube.com (resolved) eq https 0x95380f8a
  access-list Test_access_in line 4 extended permit tcp 10.1.10.0 255.255.255.0 host 172.217.10.142 (www.youtube.com) eq https (hitcnt=0) 0xf8803d01
  access-list Test_access_in line 4 extended permit tcp 10.1.10.0 255.255.255.0 host 172.217.3.110 (www.youtube.com) eq https (hitcnt=0) 0xf8803d01
  access-list Test_access_in line 4 extended permit tcp 10.1.10.0 255.255.255.0 host 172.217.6.206 (www.youtube.com) eq https (hitcnt=0) 0xf8803d01
  access-list Test_access_in line 4 extended permit tcp 10.1.10.0 255.255.255.0 host 172.217.6.238 (www.youtube.com) eq https (hitcnt=0) 0xf8803d01
  access-list Test_access_in line 4 extended permit tcp 10.1.10.0 255.255.255.0 host 172.217.7.14 (www.youtube.com) eq https (hitcnt=0) 0xf8803d01
  access-list Test_access_in line 4 extended permit tcp 10.1.10.0 255.255.255.0 host 172.217.10.238 (www.youtube.com) eq https (hitcnt=0) 0xf8803d01
  access-list Test_access_in line 4 extended permit tcp 10.1.10.0 255.255.255.0 host 172.217.11.46 (www.youtube.com) eq https (hitcnt=0) 0xf8803d01
  access-list Test_access_in line 4 extended permit tcp 10.1.10.0 255.255.255.0 host 172.217.12.174 (www.youtube.com) eq https (hitcnt=0) 0xf8803d01
  access-list Test_access_in line 4 extended permit tcp 10.1.10.0 255.255.255.0 host 172.217.12.206 (www.youtube.com) eq https (hitcnt=0) 0xf8803d01
  access-list Test_access_in line 4 extended permit tcp 10.1.10.0 255.255.255.0 host 216.58.219.206 (www.youtube.com) eq https (hitcnt=0) 0xf8803d01
  access-list Test_access_in line 4 extended permit tcp 10.1.10.0 255.255.255.0 host 172.217.9.238 (www.youtube.com) eq https (hitcnt=0) 0xf8803d01
  access-list Test_access_in line 4 extended permit tcp 10.1.10.0 255.255.255.0 host 172.217.10.14 (www.youtube.com) eq https (hitcnt=0) 0xf8803d01
  access-list Test_access_in line 4 extended permit tcp 10.1.10.0 255.255.255.0 host 172.217.10.46 (www.youtube.com) eq https (hitcnt=0) 0xf8803d01
  access-list Test_access_in line 4 extended permit tcp 10.1.10.0 255.255.255.0 host 172.217.10.78 (www.youtube.com) eq https (hitcnt=0) 0xf8803d01
  access-list Test_access_in line 4 extended permit tcp 10.1.10.0 255.255.255.0 host 172.217.12.142 (www.youtube.com) eq https (hitcnt=0) 0xf8803d01
  access-list Test_access_in line 4 extended permit tcp 10.1.10.0 255.255.255.0 host 172.217.11.14 (www.youtube.com) eq https (hitcnt=0) 0xf8803d01
access-list Test_access_in line 5 extended permit ip object Test any (hitcnt=3040) 0x17ad0071
  access-list Test_access_in line 5 extended permit ip 10.1.10.0 255.255.255.0 any (hitcnt=3040) 0x17ad0071