
Any solutions for URL based routing

lapsonwor
Level 1

Hi,

I have an ASA 5505 that has 2 routes (1 route connecting to the MPLS VPN to the HK branch office and 1 route connecting to the Internet service provider). As you know, the ISP in China is blocking many web sites (such as facebook, youtube, etc.). So, when a user in the China office wants to browse facebook.com or youtube.com, I would like to route that traffic to the HK ASA and have it egress to the Internet by NAT. However, all other traffic should remain routed to the ISP in China, so that the Internet traffic in the HK office will not be overloaded and the users in China can browse facebook.com or youtube.com.

I have researched the topic of regular expressions with the Modular Policy Framework (MPF). I expected that if the ASA could match the traffic, I could set the next hop to the HK office's ASA. However, this feature does not support https, so my expectation failed, because the login page and sometimes these web sites use https for encryption. I hope URL based routing can work on both http and https.

Does anyone have any solutions to resolve this situation? Please kindly provide them to me. I would appreciate it if you could also provide a configuration example with commands. I look forward to hearing from anyone soon. Thank you.

Regards,

Lapson Wong

2 Accepted Solutions


Michael Muenz
Level 5

I'd rather prefer a proxy solution with automatic proxy configuration (PAC), where specified URLs go to the proxy in HK and everything else bypasses the proxy.

Michael

Please rate all helpful posts
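
A PAC file along the lines suggested in the reply above, as an added example that is not part of the original thread. The proxy host name and port are placeholders, and the two domains are the ones named in the question.

```javascript
// Added example PAC file. Assumptions: the HK proxy address below is a
// placeholder, and the domain list is taken from the question in the thread.
var HK_PROXY = "PROXY proxy-hk.example.internal:3128"; // hypothetical proxy
var VIA_HK = ["facebook.com", "youtube.com"];

// True when host is the domain itself or a subdomain of it. A plain
// substring test would also match "facebook.com.example.net".
function hostInDomain(host, domain) {
  host = host.toLowerCase().replace(/\.$/, ""); // drop trailing root dot
  if (host === domain) return true;
  var suffix = "." + domain;
  return host.length > suffix.length &&
         host.substring(host.length - suffix.length) === suffix;
}

// Entry point the browser calls for every request. For https:// URLs the
// browser opens a CONNECT tunnel through the returned proxy, so the decision
// needs only the host name and TLS stays end to end.
function FindProxyForURL(url, host) {
  for (var i = 0; i < VIA_HK.length; i++) {
    if (hostInDomain(host, VIA_HK[i])) {
      // No "; DIRECT" fallback here: if the HK proxy is unreachable the
      // request fails visibly instead of leaving through the local ISP.
      return HK_PROXY;
    }
  }
  return "DIRECT"; // everything else bypasses the proxy
}
```

Because the match is on the host name only, the same rule covers both http and https requests to the listed sites.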


What you are trying to do is policy-based routing, which is not supported on the ASA. MPF is used only for inspection and QoS type services.

If using a proxy is not an option, you would need to put in a router that would send the desired traffic over the WAN network. Another option, though I would not recommend it, is to find all the IPs of facebook, youtube, etc. and add static routes on the ASA pointing out the WAN interface.

--
Please remember to select a correct answer and rate helpful posts


lapsonwor
Level 1

Thank you for your reply. I thought the ASA could do policy based routing based on URL. Now I understand that I misunderstood something. I hope the ASA can do this in the future.

Ok, PAC is a good idea. I prefer to use a proxy in this situation. Thx.
