https://community.cisco.com/t5/network-security/any-solutions-for-url-based-routing/m-p/2290757#M344085 <P>Hi,</P><P></P><P>I have an ASA 5505 that has 2 route (1 route connecting to MPLS VPN to HK branch office and 1 route connecting to Internet service provider). As you know, ISP in China blocking many web sites (such as facebook, youtube or etc.). So , I would like to route the traffic when the user in China office would like to browse facebook.com or youtube.com to HK ASA and egress to the internet by NAT. However, all other traffic remain to route to ISP in China, so that the Internet traffic in HK office will not be overload and the user in China can browse facebook.com or youtube.com.</P><P></P><P>I have researched a topic of regular expression with <SPAN style="font-size: 10pt;">Modular Policy Framework (MPF). I expected that if the ASA can match the traffic, I can set next hop to HK office's ASA. However, this feature does not support https so that my expectation failed. Because the login page and sometime these web site using https for encryption. I hope URL based routing work on both http and https can work.</SPAN></P><P></P><P>Do anyone have any solutions to resolve this situation? Please kindly provide it to me. I would appreiciate it if you could also provide configuration example with commands. I look forward to hearing from anyone soon. Thank you.</P><P></P><P>Regards,</P><P>Lapson Wong</P> Tue, 12 Mar 2019 02:29:55 GMT lapsonwor 2019-03-12T02:29:55Z https://community.cisco.com/t5/network-security/any-solutions-for-url-based-routing/m-p/2290757#M344085 <P>Hi,</P><P></P><P>I have an ASA 5505 that has 2 route (1 route connecting to MPLS VPN to HK branch office and 1 route connecting to Internet service provider). As you know, ISP in China blocking many web sites (such as facebook, youtube or etc.). So , I would like to route the traffic when the user in China office would like to browse facebook.com or youtube.com to HK ASA and egress to the internet by NAT. However, all other traffic remain to route to ISP in China, so that the Internet traffic in HK office will not be overload and the user in China can browse facebook.com or youtube.com.</P><P></P><P>I have researched a topic of regular expression with <SPAN style="font-size: 10pt;">Modular Policy Framework (MPF). I expected that if the ASA can match the traffic, I can set next hop to HK office's ASA. However, this feature does not support https so that my expectation failed. Because the login page and sometime these web site using https for encryption. I hope URL based routing work on both http and https can work.</SPAN></P><P></P><P>Do anyone have any solutions to resolve this situation? Please kindly provide it to me. I would appreiciate it if you could also provide configuration example with commands. I look forward to hearing from anyone soon. Thank you.</P><P></P><P>Regards,</P><P>Lapson Wong</P> Tue, 12 Mar 2019 02:29:55 GMT https://community.cisco.com/t5/network-security/any-solutions-for-url-based-routing/m-p/2290757#M344085 lapsonwor 2019-03-12T02:29:55Z https://community.cisco.com/t5/network-security/any-solutions-for-url-based-routing/m-p/2290758#M344086 <HTML><HEAD></HEAD><BODY><P>I'd rather prefer a proxy solution with automatic proxy configuration (PAC), where specified URLs go to the proxy in HK, everything else bypass proxy.</P><P></P><P></P><P>Michael <BR /> <BR />Please rate all helpful posts</P></BODY></HTML> Fri, 23 Aug 2013 08:43:14 GMT https://community.cisco.com/t5/network-security/any-solutions-for-url-based-routing/m-p/2290758#M344086 Michael Muenz 2013-08-23T08:43:14Z https://community.cisco.com/t5/network-security/any-solutions-for-url-based-routing/m-p/2290759#M344087 <HTML><HEAD></HEAD><BODY><P>What you are trying to do is policy-based routing which is not supported on the ASA.&nbsp; MPF is used only for inspection and QoS type serverices.</P><P></P><P>If using a proxy is not an option, you would need to put in a router that would send the desired traffic over the WAN network.&nbsp; another option, though I would not recommend it, is to find all the IPs of facebook, youtube, etc. and add static routes on the ASA pointing out the WAN interface.</P></BODY></HTML> Fri, 23 Aug 2013 10:31:04 GMT https://community.cisco.com/t5/network-security/any-solutions-for-url-based-routing/m-p/2290759#M344087 Marius Gunnerud 2013-08-23T10:31:04Z https://community.cisco.com/t5/network-security/any-solutions-for-url-based-routing/m-p/2290760#M344088 <HTML><HEAD></HEAD><BODY><P>Thank you for your reply. I throught ASA can do the policy based routing based on URL. Now, I understand that I misunderstand something. I hope ASA can do this in the future.</P><P></P><P>Ok, PAC is a good idear. I prefer to use proxy in this situation. Thx.</P></BODY></HTML> Sat, 24 Aug 2013 11:20:06 GMT https://community.cisco.com/t5/network-security/any-solutions-for-url-based-routing/m-p/2290760#M344088 lapsonwor 2013-08-24T11:20:06Z