cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1199
Views
0
Helpful
4
Replies

Address exclusion from CWS for Cisco ASA

bmak
Level 1
Level 1

Hi,

 

I am currently facing an issue, in which a user from a region in Africa is trying to access a website, the website is only accessible to users in that particular country and cannot be accessed outside the country.

The users Anyconnect makes use of the CWS clouds webfiltering, after troubleshooting, it was seen that there is no CWS tower for that particular country hence the user is unable to access the website 

 

Is it possible to exclude an IP address of the website from the CWS, so the request to access the website does not go through the CWS.

 

I read that this could be done through the "Cloud Bypass" Option, but it only states that it applies to the ISR devices. And the device in question for me is the Cisco ASA.  

4 Replies 4

First you need to find out which connector is used. It could be AnyConnect or the ASA. That is not clear with your description.

  • If it is the ASA, you can configure a local exemption from CWS, probably you have to configure a FQDN-object for that site.
  • If it is AnyConnect, you can use the AnyConnect Profile Editor to configure Exceptions.

Thank you for the Response, it is an ASA connector.

I see on the Cisco cloud web security web app, there is a "cloud bypass" option.

Can adding the destination IP to the cloud bypass cause the exemption ?

As far as I remember is the Cloud Bypass only for the router-connector. But try it, perhaps it works also on thy ASA, but I don't think so ...

 

babiojd01
Level 1
Level 1

the acl used that maps the class map can have a deny entry first for addresses you want to bypass.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: