Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3396
Views
4
Helpful
7
Replies

ASA 5510 integrate websense

shailesh_ccnp
Level 1
Level 1

‎12-18-2006 04:37 AM - edited ‎03-11-2019 02:10 AM

Hi,

Please somebody can help me how to integrate ASA5510 with websense ...

Regards,

Labels:
0 Helpful
7 Replies 7

Not applicable

‎12-18-2006 01:27 PM

0 Helpful

Not applicable

‎12-18-2006 01:28 PM

0 Helpful

Not applicable

‎12-18-2006 01:28 PM

0 Helpful

pengfang
Level 1
Level 1

‎12-20-2006 09:34 PM

I assuming you will deploy websense in your inside network ,do not put it in the DMZ.Followed is code for URL filterting:

1. ASA

url-server (Inside) vendor websense host 192.168.3.4 timeout 30 protocol TCP version 4 connections 5

url-cache src_dst 128

url-block block 128

filter https 443 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow

filter ftp 21 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow #optional,if you want to filter ftp#

filter url http 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 allow proxy-block

policy-map global_policy

class inspection_default

inspect http #http inspect enabled#

!

service-policy global_policy global

2. websense : see attched screen shot

select " Integrate" mode ,not "standalone"

select "Cisco ASA appliance"

ASA only filter URL ,if you want to filter protocol, you should configure websense filter agent accordingly.

if the post help, please rate ,thanks

Preview file
136 KB
0 Helpful

l.tating
Level 1
Level 1
In response to pengfang

‎12-20-2006 10:31 PM

Hello!

I am currently working on a ASA5520 with CSC SSM on it. Im trying to test URL blocking, but Im not sucessful. Is it absolutely necessary to have Websense or N2H2 to successfully filter or block URLs? I want to know if ASA CSC SSM can to the URL blocking by itself. Thank you!

Lorenz

0 Helpful

pengfang
Level 1
Level 1
In response to l.tating

‎12-21-2006 08:28 AM

You can use CSC SSM to do url filtering, not necessary to configure Websense and N2H2 on the ASA. The difference are.

1. I belive (guess:)) CSC SSM will send your URL check request to the server host on the Internet by Trend

2. WebSense and N2H2 solutions will have your ASA redirect URL request to server in your LAN,because signature database larger than 200M for websense v6.2.

if the post help,please rate.

Peng

0 Helpful

m-haddad
Level 5
Level 5
In response to l.tating

‎12-21-2006 09:42 AM

Hello Lorenz,

It is not enough to enable the URL blocking and filtering through the CSC module interface. YOu have to configure the ASA to pass HTTP traffic through the CSC module otherwise traffic won't be filtered by the CSC even if you do the web configuration.

Below you can find a sample config to pass traffic to the CSC. The below will pass FTP, POP3, HTTP and SMTP. These are the only supported protocols by CSC.

access-list csc_inside_outbound permit tcp "Inside_subnet" any eq 21

access-list csc_inside_outbound permit tcp "Inside_subnet" any eq 80

access-list csc_inside_outbound permit tcp "Inside_subnet" any eq 110

access-list csc_inside_outbound permit tcp "Inside_subnet" any eq 25

class-map csc_inside_outbound_class

match access-list csc_inside_outbound

policy-map csc_inside_out_policy

class csc_inside_outbound_class

csc fail-open

service-policy csc_inside_out_policy interface inside

Appreicate your rating if I could help,

Regards,

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card